Spotify has become the newest company where automated hacking tools have taken advantage of their lack of security as well as their customers. Recently the cyber security team Collective Lab’s CEO – Ryan Jackson – brought the new tool to Spotify’s attention via email, as well as on twitter with no result even after they said they would report it.
has recovered a working copy of the tool labeled“Spotify Cracker v1”
is currently being used by hackers to crack Spotify accounts. The tool cracks Spotify Premium, as well as Free Spotify accounts, which is a extensive security risk to customers credit card information as well as things like their email. Even if the user does not have a credit card on file with Spotify, the tool enables the hacker to use the information on other sites to see if they can gain access, because we all know many people use the same email and password for a number of different websites.
After Collective Labs
brought it to the attention of Spotify on social media, renowned Tech writer and guru Brian Krebs
chimed in with a tweet of his own. Mr. Kreb’s solution to the problem seems to be a simple Captcha which we all see on a number of other websites while surfing the internet daily – “Well what about it @spotifycares? How hard is it to put a captcha there” – Tweet from Brian Krebs 12/28/17.
is a security team that mainly focuses on finding tools like these exploring the deepest part of the web.
“At the rate we have seen hackers using this tool we would say over 1,000,000 accounts have already been breached.”
At 17 years of age, CEO Ryan Jackson – Resident of Talladega Alabama – knows hacking, having been involved with the New World Hackers
, as well as Lizard Squad,
he has been on specific forums discussing the software while never participating in their antics. The New World Hackers
were held responsible for attacking BBC, XBOX, and Donald Trump websites in the past. They are linked to Russia, and in fact, a majority of them speak Russian fluently. The real spill on the New World Hackers is the member SinfulHazeCE was apprehended in the UK for attempting to exploit the Parliament website, the group later went down hill from there and dispersed. Jackson also confirms they never attacked DYN, and was told they knew the real suspects.
It is important for teams like Collective Labs to keep these large companies check who put millions of users information at risk. Especially when they refuse to address the issue after being notified about the breach. By bringing it to the attention of the companies they are forced to upgrade their security software insuring that their customers can listen to music in piece without worrying if their information was stolen. Collective Labs suggests anyone with a Spotify account take this opportunity to change your password and check your recent billing history to see if small test purchase have been made or any large unexplainable ones.