Amidst the recent series of attacks launched on various computers through the WannaCry Malware, a relatively minor incident occurred in which Spotify took the hit by having its user’s credentials dumped on a public website for everyone to see.
The Leak Boat
The hacker group, Leak Boat, has claimed responsibility for publishing the usernames and passwords of 9,000 Spotify users. Spotify, as you may already know is a well-known music streaming website with a considerable user base that includes celebrities. According to IBT, it was reported that the public website in which the user credentials have been dumped only had 6,410 accounts and not 9,000 like Leak Boat suggested in its tweet.
Private videos of celebrities also leaked
In addition to dumping user credentials, the hacking group has also leaked what they claim are some private videos which belong to celebrities. These include videos of Iggy Azalea, Jillian Murray and Jeniffer Lawrence.
https://twitter.com/SecTeamSix_/status/867046696152203264
- “We’re blackhats. We do it for the lulz and chaos. We’re here to bring the chaotic order back to the scene. #Lulzocalypse is what we’re calling it. Anything and everything we can, we’ll leak,” the group told HackRead.
Anyone can see the passwords
Apparently, the hacking group has listed the usernames and passwords in plain text format, meaning that anyone from the general public can use the credentials and stream online on Spotify.
As such, it is highly recommended that people who have their accounts on Spotify, immediately go to Ghostbin data dump website and locate their usernames and passwords. You can simply use the find feature to see whether your credentials are the ones that have been leaked. If it is listed and you use the same credentials to access other platforms, it is advised to immediately change your passwords so as to avoid any future infiltrations.
Is the hack legit?
At the moment it is unclear if the data is legit or not, however, one of the Twitter users claim that the login credentials leaked by the group look like reused passwords. Here are some of the screenshot from Twitter where users are discussing the legitimacy of the leaked data:
Source: Twitter
Source: Twitter
One of the users who checked their email on HaveIbeenpwned said that the leaked data contains credentials stolen from previous data breached.
Source: Twitter
Not for the first time:
Although it is unclear if the hack is legit or not this is not the first time when Spotify is in the news for wrong reasons. Previously, a group of Russian hackers claimed to hack thousands of Spotify accounts while the company’s CEO had to apologize for collecting users’ their personal data. Also, Spotify’s free service was also identified by users for dropping malware on their browser.
Avoid having simple passwords on social media websites
Legit or not, it is not uncommon for social media websites to get hacked as such. Spotify, being new in the field, is vulnerable to such attacks and so are other fledgling social media websites. It is therefore recommended that people who sign up for these websites create passwords that are harder to crack. This includes using special characters and numbers in addition to letters when making a password. Furthermore, given that there are a number of hackers playing with dangerous hacking tools recently leaked and stolen from the NSA, it has become ever more necessary to take care of one’s online accounts as much as possible.
