
Piracy at Spotify

Jan 11, 2021 | Blog

A fearsome cyberattack

It was somewhat by chance that, at the end of 2020, cybersecurity researchers came across this information: more than 400,000 hacked Spotify subscriber accounts.

The databases of these customer accounts were stored on the hackers' servers, which held 380 million documents, or 72 GB of stolen confidential data.

Spotify offers free access but also a premium tier, which allows access to all content without advertising. Confidential data in paid accounts and payment information such as credit cards have been compromised.


The giant Spotify

Spotify is a digital streaming service that offers music, podcasts and videos. It offers access to millions of titles and other content by artists around the world.

Spotify was founded in 2006 in Sweden and launched on the market by Daniel Ek on October 7, 2008.

As early as March 4, 2009, Spotify announced a potential security breach in which its customers' personal data, such as dates of birth or email addresses, was potentially threatened.

In 2010, the site had nearly 7 million users in Europe.

In 2014, Spotify claimed 50 million active users worldwide, and climbed further to 159 million active users by the end of 2017.


Hacking the Spotify database at the end of 2020

To obtain authentic Spotify accounts, cybercriminals used the highly effective "credential stuffing" method.

"Credential stuffing" is the practice of using stolen account credentials to access multiple accounts on various sites in an automated manner. It can give hackers, and those who purchase stolen credentials, access not only to accounts on the hacked sites, but also to every account for which the victim uses the same password.

The stolen data was used to power a streaming service and artificially inflate the playbacks of certain artists. The hackers then used botnets to test thousands of combinations on well-known websites.

Spotify claims to have launched a gradual reset of the passwords of all users affected by this cyberattack, so that the information contained in the database becomes useless.
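On the defending side, credential stuffing shows up in login logs as one source failing against many different accounts within a short time, with the occasional success where a password was reused. The Python below is an added example, not code from Spotify or from the original post; the log format, the five-minute window and the threshold of three accounts are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: timestamp, source IP, username, outcome.
SAMPLE_LOG = """\
2020-11-20T10:00:01 203.0.113.7 alice@example.com FAIL
2020-11-20T10:00:02 203.0.113.7 dave@example.com OK
2020-11-20T10:00:03 203.0.113.7 bob@example.com FAIL
2020-11-20T10:00:04 203.0.113.7 carol@example.com FAIL
2020-11-20T10:00:05 203.0.113.7 erin@example.com FAIL
2020-11-20T10:03:00 198.51.100.9 frank@example.com FAIL
2020-11-20T10:03:20 198.51.100.9 frank@example.com FAIL
2020-11-20T10:03:45 198.51.100.9 frank@example.com OK
"""

WINDOW = timedelta(minutes=5)   # assumed value, tune per site
MAX_FAILED_USERS = 3            # assumed value, tune per site


def parse(log):
    """Yield (timestamp, ip, user, outcome) for each non-empty log line."""
    for line in log.splitlines():
        if line.strip():
            ts, ip, user, outcome = line.split()
            yield datetime.fromisoformat(ts), ip, user, outcome


def detect_stuffing(log, window=WINDOW, max_users=MAX_FAILED_USERS):
    """Return (flagged_ips, accounts_to_reset).

    An IP is flagged once it has failed logins for `max_users` distinct
    accounts inside the sliding window. Accounts it logged into
    successfully in that window are candidates for a password reset.
    """
    recent = defaultdict(deque)          # ip -> (ts, user, outcome) in window
    flagged, to_reset = set(), set()
    for ts, ip, user, outcome in parse(log):
        q = recent[ip]
        q.append((ts, user, outcome))
        while ts - q[0][0] > window:     # drop attempts older than the window
            q.popleft()
        failed_users = {u for _, u, o in q if o == "FAIL"}
        if len(failed_users) >= max_users:
            flagged.add(ip)
        if ip in flagged:
            # Includes successes seen before the IP crossed the threshold.
            to_reset.update(u for _, u, o in q if o == "OK")
    return flagged, to_reset
```

Because the attackers described here spread their attempts over botnets, a per-IP count is only one signal; the same windowed count can be keyed on other attributes a site logs.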


The Importance of Computer Security

IT security is more relevant than ever following several major cyberattacks in recent years.

SMEs regularly bear the brunt of these attacks, according to MELANI.

It is crucial to educate your staff to be vigilant when faced with unsolicited emails. Knowing the right behaviors to prevent a hacker attack, Barraud Consulting makes your IT security its priority.

You can visit the https://haveibeenpwned.com/ website, which will inform you about potential breaches of your confidential data on the main sites where your email address is the identifier.