
The fraudsters can engage in the following activities:

Financial Fraud and Identity Theft - Make use of the exposed emails and names from the leak to identify users across other platforms and social media accounts.

This implies the database would be voided and become useless in terms of accessing Spotify accounts. The affected users are still at risk of being hacked, since the information in the database was likely stolen in another hack where users have reused credentials across multiple sites. Spotify initiated a ‘rolling reset’ of passwords for all users affected. It involves hackers taking usernames and passwords stolen in one hack, then seeing if the credentials work on other sites and services, given that users often reuse passwords across multiple sites. The process used here is known as Credential Stuffing. The researchers, along with Spotify, believe that the database was compiled by hackers, possibly using login credentials stolen from other sources that were reused for credential stuffing attacks against Spotify.

If someone knows about any similar service, and how I export my playlists, I will go for another option and say bye bye to Spotify forever (after 6 years as premium user).

A twist is that the database doesn’t belong to Spotify.

You only need to see how many problems are unsolved, like Android impossibility to sort the playlists (14 pages topic, no solution from Spotify support). Normally people won't change email and phone number the same day.

But they don't care about customers. If you do not have access to the old email address, then ask for a confirmation on your cell phone. The logic says, if someone wants to change the email, you need to confirm an email sent to that address.



There are lists of sites hacked with millions of passwords shared, from stuff like Dropbox, Mega or Adobe.

So if someone gets your password, they get full control of your account. They allow someone who has your password to change the email, and they don't ask for confirmation at your previous email (the real one). The Spotify developers are so dumb that they are not able to avoid this security problem.
