From hotforsecurity.bitdefender.com
A security researcher has discovered that Spotify has fallen victim to a credential stuffing attack that used data from more than 100,000 accounts.
Unlike the previous incident involving Spotify a few months ago, the latest attack is not due to a security breach. This time, bad actors tried to use a malicious Spotify logger database in a credential stuffing attack on Spotify.