Cyber-criminals are trying to crack your Spotify password

What is Spotify?

Spotify is a digital music service that gives its 140 million-strong active user base access to millions of songs and billions of playlists. Launched in the UK in February 2009, the Sweden-based company is a leader in the music streaming industry.

Introducing the hack

A brute-force* hacking tool named ‘Spotify Cracker v1’ was discovered testing known username and password credentials against Spotify, with the aim of breaking into accounts that use the same combinations.

*A brute-force attack is a trial-and-error method of hacking in which automated software continually generates a large number of username and password combinations in order to gain access to private information.

It’s reported that Spotify is severely lacking when it comes to IT security, which is shocking for a company with 140 million active users. It would appear that Spotify doesn’t have even the most basic security gateways, such as two-factor authentication (2FA) or CAPTCHA forms, both of which are widely considered a security must-have for companies with a large number of users and accounts.

A password cracking server costing less than $20,000 can try out more than 100,000,000,000 (100 billion) passwords each second – Sophos

How to protect your information from cyber-criminals

Spotify users are being advised to create longer, more complex passwords and to change them regularly. TSG’s IT security partner Sophos has released a two-minute video (below) on the best way to generate a strong password.
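
As an added example (not from the original article or from Sophos), this Python code uses the 100 billion guesses per second figure quoted above to estimate the worst-case time to try every password of a given length and character pool. It also shows why a password that is already in a list of known credentials gains nothing from its length. The `LEAKED` set and the sample passwords are constructed, and the estimate assumes pure exhaustive offline guessing, so it is an upper bound.

```python
import string

GUESSES_PER_SECOND = 100_000_000_000  # rate from the Sophos quote above

# Constructed stand-in for a list of already-known credentials (assumption).
LEAKED = {"password1", "qwerty123", "Summer2017!"}

def alphabet_size(password):
    """Size of the smallest ASCII character pool covering the classes used."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 ASCII symbols
    return size

def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND, leaked=LEAKED):
    """Worst-case seconds to try every password of this length and pool.

    A password already on a known-credentials list needs no guessing,
    so its effective strength is zero regardless of length."""
    if password in leaked:
        return 0.0
    return alphabet_size(password) ** len(password) / rate

def human(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, span in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:,.1f} {unit}"
    return f"{seconds:.3f} seconds"

if __name__ == "__main__":
    # Constructed sample passwords, shortest and simplest first.
    for pw in ("sunshine", "Sunshine9", "Summer2017!", "tq7#Vw2!kLm9zR"):
        print(f"{pw!r:18} {human(seconds_to_exhaust(pw))}")
```

Real-world guessing that uses dictionaries or leaked lists finds common passwords far faster than these figures suggest, which is why reusing a password across sites matters more than its length.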