Database leak exposed mass credential stuffing against Spotify users

On July 3, VpnMentor’s research team led by Ran Locar and Noam Rotem discovered a database hosted on an unprotected Elasticsearch server and suspected it to be part of a credential stuffing operation, the origins of which are yet unidentified.

The 72GB database contained more than 380 million Spotify users’ records, including sensitive data like usernames/passwords, email Ids, country of residence, and other PII (personally identifiable information) of Spotify users.

Read full article on HackRead