
Hundreds of Spotify credentials appear online – accounts hacked, emails changed - daegloe
http://techcrunch.com/2016/04/25/hundreds-of-spotify-credentials-appear-online-users-report-accounts-hacked-emails-changed/
======
jswny
First of all, this is extremely commonplace. You can go on Pastebin and find
dumps like these easily at any given time.

Secondly, the way these leaks work is that attackers take a large list of
leaked credentials from a generic dump from a hacked database. They then try
each set of credentials against popular services like Netflix and Spotify.
Usually, lots of attackers get the same accounts because they all use similar
dumps and therefore get similar results. A lot of these lists of valid
credentials end up on sites like Pastebin, and many are sold online as well.
You can get cheap Netflix accounts for $1 or less easily on many hacker
forums. Often, these accounts come with a warranty because many people who
have obtained similar lists of accounts will change the credentials so they
can keep individual accounts for themselves.

In conclusion, use unique passwords for every site; otherwise, this could
easily happen to you.
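
Seen from the service's side, the list-checking pattern described in the comment above leaves a recognizable trace in login logs. The following is an added example, not part of the original thread: the log format, addresses, account names and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample login log: "<ISO time> <source IP> <username> <OK|FAIL>".
# Addresses come from the RFC 5737 documentation ranges; names are made up.
SAMPLE_LOG = """\
2016-04-25T10:00:01Z 203.0.113.7 alice@example.com FAIL
2016-04-25T10:00:02Z 203.0.113.7 bob@example.com FAIL
2016-04-25T10:00:03Z 203.0.113.7 carol@example.com OK
2016-04-25T10:00:04Z 203.0.113.7 dave@example.com FAIL
2016-04-25T10:00:05Z 203.0.113.7 erin@example.com FAIL
2016-04-25T10:00:06Z 203.0.113.7 frank@example.com FAIL
2016-04-25T10:03:10Z 198.51.100.20 grace@example.com FAIL
2016-04-25T10:03:25Z 198.51.100.20 grace@example.com FAIL
2016-04-25T10:03:41Z 198.51.100.20 grace@example.com OK
2016-04-25T10:05:00Z 192.0.2.55 heidi@example.com OK
"""

def parse(log):
    """Yield (ip, user, ok) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3] in ("OK", "FAIL"):
            yield parts[1], parts[2].lower(), parts[3] == "OK"

def find_stuffing(log, min_users=5, max_success_rate=0.5):
    """Flag sources that try many different accounts and mostly fail."""
    # A user who mistypes a password retries one account; a list checker
    # walks through many accounts with one or two guesses each.
    users = defaultdict(set)   # ip -> accounts attempted
    hits = defaultdict(set)    # ip -> accounts that logged in
    for ip, user, ok in parse(log):
        users[ip].add(user)
        if ok:
            hits[ip].add(user)
    report = {}
    for ip, tried in users.items():
        rate = len(hits[ip]) / len(tried)
        if len(tried) >= min_users and rate <= max_success_rate:
            # Accounts that logged in from a flagged source matched a leaked
            # password: force a reset and invalidate their sessions.
            report[ip] = {"users_tried": len(tried),
                          "success_rate": round(rate, 2),
                          "reset": sorted(hits[ip])}
    return report

if __name__ == "__main__":
    print(find_stuffing(SAMPLE_LOG))
```

The thresholds are illustrative defaults; a real deployment would tune them per time window and also group by network or client fingerprint, since attempts are often spread across many addresses.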

------
justtopostthis3
> given that they are specific to Spotify, rather than a set of generic
> credentials that just happen to work on Spotify.

Actually, it looks like output from a popular tool (Sentry MBA) specifically
designed to test if "generic credentials" from other password leaks "just
happen to work" on popular services like Spotify.

------
soared
Just had an idea: Publish claims of a massive leak of banking credentials and
then provide a tool to check whether your account was hacked. Allow (suggest)
readers to search affected accounts by searching their account name, password,
or other information.

Toss me a bitcoin when you use it.

~~~
jswny
Can't tell if you are suggesting this satirically but
https://haveibeenpwned.com is a thing.

