Database leak exposed mass credential stuffing against Spotify users


Researchers helped Spotify detect and address a severe credential stuffing operation affecting hundreds of millions of its users.


On July 3, VpnMentor's research team, led by Ran Locar and Noam Rotem, discovered a database hosted on an unprotected Elasticsearch server and suspected it to be part of a credential stuffing operation whose origins are still unidentified.


The 72GB database contained more than 380 million Spotify users' records, including sensitive data such as usernames and passwords, email IDs, country of residence, and other PII (personally identifiable information) of Spotify users.




Approx. 300,000-350,000 users could have been impacted by this campaign. However, researchers couldn't identify how the fraudsters were able to target Spotify's user data. They noted that the hackers might have used credentials stolen from another platform, such as an app or website, to access Spotify accounts.


Moreover, researchers identified several server IP addresses to be part of the data leak. However, these addresses mostly belonged to proxy servers of the network operators where the database was hosted.

Researchers claim that the data exposure didn't stem from Spotify because the database belonged to a third party that either legally or illegally obtained Spotify login credentials and stored them to carry out a credential stuffing operation.



Screenshot of the exposed data (Credit: vpnMentor)



Credential stuffing is a technique in which hackers take weak or reused passwords leaked from one service and try them against accounts on other sites. VpnMentor notified Spotify on July 9th, ..
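Because credential stuffing replays leaked username/password pairs, a stuffing source shows up in authentication logs as one address trying many distinct accounts with mostly failed logins. The following detector, added here as an example and not taken from the article or from Spotify or vpnMentor, flags such sources in constructed sample log lines and lists the accounts whose reused credentials actually worked; the log format, IP addresses, account names and thresholds are all assumptions.

```python
# Added example (not from the article): flag credential-stuffing sources in
# auth logs, which try many *distinct* accounts with mostly failed logins.
from collections import defaultdict

# Constructed sample log lines: timestamp, source IP, account, result.
SAMPLE_LOG = """\
2020-07-03T10:00:01Z 203.0.113.7 alice@example.com FAIL
2020-07-03T10:00:02Z 203.0.113.7 bob@example.com FAIL
2020-07-03T10:00:02Z 203.0.113.7 carol@example.com SUCCESS
2020-07-03T10:00:03Z 203.0.113.7 dave@example.com FAIL
2020-07-03T10:00:03Z 203.0.113.7 erin@example.com FAIL
2020-07-03T10:01:00Z 198.51.100.2 alice@example.com FAIL
2020-07-03T10:01:09Z 198.51.100.2 alice@example.com SUCCESS
"""

def parse_events(log_text):
    """Yield (source_ip, account, succeeded) from well-formed log lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash the detector
        _ts, ip, account, result = parts
        yield ip, account, result == "SUCCESS"

def find_stuffing_sources(log_text, min_accounts=5, min_fail_ratio=0.6):
    """Return {ip: (distinct_accounts, fail_ratio)} for sources that try at
    least min_accounts distinct accounts and fail at least min_fail_ratio of
    the time. Many tries on one account (brute force) is not flagged here."""
    attempts, failures, accounts = defaultdict(int), defaultdict(int), defaultdict(set)
    for ip, account, ok in parse_events(log_text):
        attempts[ip] += 1
        accounts[ip].add(account)
        failures[ip] += not ok
    flagged = {}
    for ip, total in attempts.items():
        ratio = failures[ip] / total
        if len(accounts[ip]) >= min_accounts and ratio >= min_fail_ratio:
            flagged[ip] = (len(accounts[ip]), round(ratio, 2))
    return flagged

def accounts_to_reset(log_text, flagged):
    """Accounts that logged in successfully from a flagged source: the reused
    credentials that actually worked and should be force-reset."""
    return sorted({acct for ip, acct, ok in parse_events(log_text)
                   if ok and ip in flagged})

if __name__ == "__main__":
    hits = find_stuffing_sources(SAMPLE_LOG)
    print(hits)                                 # {'203.0.113.7': (5, 0.8)}
    print(accounts_to_reset(SAMPLE_LOG, hits))  # ['carol@example.com']
```

The second address is not flagged because it only retries a single account, which is a brute-force pattern rather than stuffing; tune the thresholds to your own login volume before relying on them.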
