Rogue Security Labs has managed to uncover approximately 3,164 customer accounts belonging to Spotify which were hacked and leaked online between November 5th and November 7th 2018. “Argentina GhostHack” and a hacker going by the name of “Grinch Vyse” have claimed responsibility for the breaches, posting email addresses and login credentials tied to Spotify customer accounts online earlier this week. It should be noted that Argentina GhostHack is primarily responsible for the majority of accounts exposed this week, releasing 2,867 (91%) of the leaked material online.
Spotify has been informed of the leaks, and in a statement has thanked Rogue Security Labs for bringing the information to their attention. Adding that “We’ve passed this on to the right folks to take a closer look backstage.” It is unknown if the accounts breached were tied to the October 2018 Facebook hack which effected over 50 million Facebook users worldwide, incidentally compromising other 3rd party services attached to the social network – such as Spotify, Tinder and Instagram. Investigations are still ongoing.
For the time being, if you are a customer of Spotify you are advised to update/change your account password immediately. Additionally, if you use the same root password for your Spotify account as you do your personal email, you are advised to change this as well.
** Due to the number of civilian customers exposed in the breach, Rogue Security Labs has declined to share the leaks publicly **
Categories: Hacking News