What to Do If Your Spotify Account Is Hacked
Thousands of Spotify users have learned the hard way why passwords should not be reused.
Cybersecurity company VPNMentor has discovered an improperly secured database containing email addresses, passwords, account names and other personal information for thousands of Spotify accounts. Hackers compiled this data from other leaks or through credential stuffing, rather than by attacking Spotify itself directly; however, this data-mining operation allowed them to successfully hack over 300,000 accounts.
In response to the leak, Spotify issued a forced password reset for the 300,000 affected accounts back in July, but not everyone has reset theirs. If you haven't signed in to Spotify for a long time, it is probably worth updating your password right now. While you are at it, enable two-factor authentication and install an encrypted password manager.
However, don't assume you're safe if Spotify hasn't forced you to reset your password yet: according to VPNMentor, the database is still heavily used by hackers, so further attacks are possible. There are probably many more Spotify users who use the same email address, username and password across multiple apps or websites, and even more who use readily available information as passwords, such as their postal address, name, date of birth, etc. These details can also be compromised by a data breach or a little social engineering.
If a hacker gets in, they can take over your Spotify account and transfer your personal information for use elsewhere. This is even more problematic for Spotify users who log in using their Facebook, Google or Apple accounts, as those accounts store so much personal information and link to dozens of other apps.
Think of it as a canary in a coal mine and update your Spotify password to something more secure. It's also important to regularly check your password and verify your accounts with HaveIBeenPwned. Many password managers also include built-in password health checks.
Finally, enable two-factor authentication (2FA). I know adding an extra login step is annoying, but it is worth it. Even unique, hard-to-guess passwords stored securely in password managers can be compromised by a data breach, and 2FA can prevent and/or warn you of account hacking attempts.
[TechRadar]