A database, which contained 400,000 genuine Spotify accounts, including 47,456 belonging to French users, was discovered on the Internet.
It was Noam Rotem and Ran Locar, two cybersecurity researchers, who made this discovery.
They got their hands on a much larger treasure than the hundreds of thousands of streaming platform accounts, since this database, made up of 380 million documents, had a size of 72 GB, reports
The researchers were convinced that this was not the result of a hack of Spotify itself.
The hackers actually managed to combine email addresses and passwords that allowed access to free and
of the music platform.
The "credential stuffing" method
To get these accounts verified, the hackers therefore used the "credential stuffing" method.
a list of stolen IDs and passwords from
"As users very often juggle lazily with the same password for their different online accounts, cybercriminals turn to
, computer bots, to test thousands of combinations of IDs and passwords on well-known services", explains Hicham Bouali, cybersecurity expert at One Identity, to our colleagues.
These bots are powerful enough to test up to 300,000 login attempts per hour on a website.
The targets are the most famous sites like Uber, Netflix, Spotify, YouTube or Amazon.
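Seen from the defender's side, the pattern described above (one source trying many different accounts, almost all of them unsuccessfully) stands out in login logs. The following is an added example, not part of the original article; the log format, thresholds and sample lines are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed sliding window
MIN_DISTINCT_USERS = 5          # assumed threshold, tune per site
MIN_FAILURE_RATIO = 0.8         # assumed threshold, tune per site

# Constructed sample log: "<ISO time> <source ip> <username> <OK|FAIL>"
SAMPLE = """\
2024-01-01T10:00:01 203.0.113.7 alice@example.com FAIL
2024-01-01T10:00:02 203.0.113.7 bob@example.com FAIL
2024-01-01T10:00:03 203.0.113.7 carol@example.com OK
2024-01-01T10:00:04 203.0.113.7 dave@example.com FAIL
2024-01-01T10:00:05 203.0.113.7 erin@example.com FAIL
2024-01-01T10:00:06 203.0.113.7 frank@example.com FAIL
2024-01-01T10:00:10 198.51.100.20 grace@example.com FAIL
2024-01-01T10:00:20 198.51.100.20 grace@example.com FAIL
2024-01-01T10:00:31 198.51.100.20 grace@example.com OK
""".splitlines()

def parse(line):
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "OK"

def detect_stuffing(lines):
    """Return {source ip: accounts it logged in to} for sources that look like stuffing."""
    windows = defaultdict(deque)   # per-source events inside the sliding window
    flagged = {}
    for ts, ip, user, ok in sorted(map(parse, lines)):
        win = windows[ip]
        win.append((ts, user, ok))
        while ts - win[0][0] > WINDOW:      # drop events older than the window
            win.popleft()
        users = {u for _, u, _ in win}
        failures = sum(1 for _, _, o in win if not o)
        # Many different accounts and mostly failures: stuffing, not a user's typo
        if len(users) >= MIN_DISTINCT_USERS and failures / len(win) >= MIN_FAILURE_RATIO:
            # Accounts that did log in from this source need a password reset
            flagged.setdefault(ip, set()).update(u for _, u, o in win if o)
    return {ip: sorted(accounts) for ip, accounts in flagged.items()}

if __name__ == "__main__":
    print(detect_stuffing(SAMPLE))
```

The second source, a single user mistyping a password twice before succeeding, is not flagged because only one account is involved. Campaigns that spread attempts over many source addresses need the same counting applied to other keys as well, such as network range or client fingerprint.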
Once an account is verified, its value increases, reaching up to ten dollars.
The value of 400,000 verified Spotify accounts is estimated at four million dollars.
Warned by researchers in July, the platform carried out a "gradual reset of passwords for all affected users".
The database has therefore lost all of its value.
According to the researchers, these accounts were used to artificially inflate the play counts of certain artists' tracks.
Spotify now has 320 million monthly active users.