A third-party 72GB server containing 380M records, including over 300,000 Spotify account passwords was leaked.
Security researchers from vpnMentor recently found a huge Elasticsearch database that was unsecured. The database contained over 380M records, including 300-350K Spotify accounts. The Spotify data leaked included personal information, email addresses, country, and username and passwords.
None of this information was encrypted, meaning there may have been an intention to use that information to access Spotify user accounts. Hackers and organizations could also use any username and password combinations to try to access other accounts, knowing how prevalent password reuse is.
Spotify was notified about the data leak soon after the security researchers discovered it and Spotify has been issuing manual password resets for affected accounts.
To be absolutely safe, reset your password on Spotify if you haven’t already been directed to do so from the company. You should also change your password on any account that shares the same password as before, especially if you have the same username as your Spotify account.
To better protect yourself from hackers or scammers from using old password data to get into your accounts, we recommend using a unique password for every account and even consider changing your username across accounts, using alternative email addresses if necessary.
Tools like MySudo and password managers will help keep your accounts and passwords secure. For more information, visit ZDNet.