Spotify suffered a credential-stuffing attack that used stolen credentials from some 100,000 user accounts, a security researcher discovered.
This is the second credential-stuffing attack to affect the music platform in the past couple of months. Last November, 300,000 accounts were affected when an Elasticsearch database containing more than 380 million records and login credentials was used to target Spotify accounts. It’s believed this data was collected from previously breached platforms, researchers said at the time.
Security researcher Bob Diachenko says in the latest incident, the attackers tried to use a malicious Spotify logger database. He identified a database containing more than 100,000 account details, likely leaked from somewhere else, that attackers used to target Spotify user accounts.
The attack was reported to Spotify, which issued a password reset to…