Spotify suggested that a credential stuffing attack forced it to make this decision.
Reports of suspicious activity on Facebook have been common, but an attempted data breach at a music streaming app had long been unheard of.
According to recent reports, Spotify users were informed by email that their Spotify account password had been reset “due to detected suspicious activity.” The company has not given any detailed information.
The password resets have left many users puzzled. When contacted, Spotify representative Peter Collins stated:
“As part of our ongoing maintenance efforts to combat fraudulent activity on our service, we've recently shared communication with select users to reset their passwords as a precaution. As a best practice, we strongly recommend users not to use the same credentials across different services to protect themselves.”
Although it is common practice for enterprises to reset user passwords, Spotify's recent resets left some of its users puzzled and wondering whether their Spotify accounts had been hacked.
Here are some of the tweets posted by Spotify users after their account passwords were reset.
@SpotifyCares dear Spotify team I do not have any active Spotify subscriptions then why did I receive an email asking me to reset my password?— Muarrif Ahmad (@muarrif) May 22, 2019
Spotify just reset my password due to 'suspicious activity'. Did someone hack in to listen to Justin Bieber or something?— P13 (@apaulothirteen) May 16, 2019
Companies do not store passwords in plaintext. Instead, they run each password through a hashing algorithm and store the result. To find accounts at risk, a company runs lists of weak passwords through the same algorithm, matches the resulting hashes against its own records, and emails the affected users to reset their passwords.
In simple terms, Spotify indicated that it took this action because of a credential stuffing attack, in which hackers compile lists of usernames and passwords from other hacked sites and then use them to force their way into accounts.
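The matching step described above, as an added example that is not from the article or from Spotify: a service re-hashes each password from a leaked username and password list with the matching account's own salt and flags the accounts whose stored hash matches. The use of PBKDF2 with a per-user salt, the iteration count, the addresses and the passwords are all constructed assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 10_000  # assumption: kept low so the example runs quickly


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored verifier from a password and a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def make_record(password: str) -> dict:
    """Build what the service stores: a salt and a hash, never the plaintext."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


def accounts_to_reset(user_db: dict, leaked_pairs: list) -> list:
    """Return usernames whose stored hash matches a password leaked elsewhere."""
    flagged = set()
    for username, leaked_password in leaked_pairs:
        key = username.strip().lower()  # normalise the address before lookup
        record = user_db.get(key)
        if record is None:
            continue  # leaked address has no account on this service
        # Same algorithm, same salt: only then are the two hashes comparable.
        candidate = hash_password(leaked_password, record["salt"])
        if hmac.compare_digest(candidate, record["hash"]):
            flagged.add(key)
    return sorted(flagged)


# Constructed sample data: three accounts on the service (hypothetical addresses).
USER_DB = {
    "alice@example.com": make_record("Summer2019!"),
    "bob@example.com": make_record("x9#Lq2$vTn8@"),
    "carol@example.com": make_record("letmein"),
}

# Constructed list of pairs of the kind gathered from breaches of other sites.
LEAKED_PAIRS = [
    ("alice@example.com", "Summer2019!"),  # reused here: flagged
    ("bob@example.com", "oldpassword1"),   # different password here: not flagged
    ("Carol@Example.com", "letmein"),      # reused, address case differs: flagged
    ("dave@example.com", "hunter2"),       # no account on this service
]

if __name__ == "__main__":
    for user in accounts_to_reset(USER_DB, LEAKED_PAIRS):
        print("force password reset:", user)
```

Because each record has its own salt, the leaked password has to be re-hashed per account; a single pre-hashed list could only be matched against unsalted hashes.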
News of the Spotify password resets first surfaced in a Hacker News thread. Many users there also stated that their Spotify passwords were reset on account of suspicious activity even though those passwords were unique.
The company has still not confirmed any data breach. The last time Spotify became a target for hackers was in 2016. Competition in the music streaming business is cut-throat, and this type of activity can drive away users, who have other options such as Apple Music, SoundCloud, and ByteDance’s soon-to-be-launched music streaming app.