Fool Us Once, Shame on You. Fool Us Twice… Shame on Spotify

Noa Shneorson

Between traveling, writing, designing, and studying interactive media, Noa breathes creativity into the world of cybersecurity.


What We Know

Spotify is faced with yet another incident of compromised accounts. The popular “Freemium” music streaming service with over 300 million subscribers has had a string of such data leaks in the past. On April 23rd, a list of hundreds of Spotify Premium credentials was put up on Pastebin. The list included account usernames, passwords, names, and dates of auto-renewal.

What were users experiencing in the days following the list posting?

Many users claimed to have lost access to their accounts while streaming music, and others found themselves locked out due to involuntary email changes. Some came to suspect a breach when they found unfamiliar songs in their playlists. Many victims of this breach have reported consequences beyond blocked access to their music. Some of the passwords on the list were also the keys to Facebook, Uber, Skype, and even bank accounts.

The music company denies any accusations of a data breach, saying the “user records are secure,” and no formal press release has been put out by the company.

What We Want to Know

  • Is this a brand new list of credentials, or is it resurfacing data from the past Spotify leaks?
  • Why are the attackers accessing the accounts themselves, rather than selling credentials on the dark web as is traditionally the case with compromised accounts?
  • What would the damage be, both to Spotify and its customers, if PCI and PII were leaked?
  • What precautions will Spotify take moving forward?
  • Given all this proof of breaches and testimonies by users over the past couple of days, how and why is the company so firm in their belief that the data has not been leaked?

Finally, as users scramble to recover their lost accounts, the question becomes ‘can users keep trusting Spotify with their PII, PCI, and other sensitive information?’

How To Prevent Data Leaks Within Your Organization

Read the CloudLock CyberLab’s latest report to learn about the new Cloud Threat Funnel methodology. Make the most of your cybersecurity efforts by correlating suspicious activities and anomalous behavior to surface the ones that truly indicate cyberthreats.

The Cloud Threat Funnel: Suspicious User Behavior That Matters
