On July 3rd, security experts from vpnMentor detected a possible credential stuffing operation that affected some Spotify accounts.
If you are a Spotify user and have been using the same set of passwords across different sites, then it's time to change the passwords on those accounts too, immediately.
The report states that the exposed database contained 300 million username and password combinations. Each record contains a login name (email address), a password, and whether the credentials could successfully log in to a Spotify account.
“The origins of the database and how the fraudsters were targeting Spotify are both unknown. The hackers were possibly using login credentials stolen from another platform, app, or website and using them to access Spotify accounts,” reads the post published by vpnMentor.
“Working with Spotify, we confirmed that the database belonged to a group or individual using it to defraud Spotify and its users. We also helped the company isolate the issue and ensure its customers were safe from attack.”
Spotify is urging a password reset for all the impacted users. It does not support two-factor authentication for its users; this means hackers who had access to the unsecured Elasticsearch database discovered by vpnMentor may have had access to the Spotify accounts.
Javvad Malik, the security awareness advocate at KnowBe4, told IT Pro that this exposure goes to illustrate that criminals don't need sophisticated technical hacking abilities to compromise accounts; rather, they can take advantage of users’ lax security practices.
What is credential stuffing?
It is a typical attack in which hackers use large collections of username/password combinations that were leaked in previous security breaches to gain access to secure accounts on other online platforms.
It is always recommended to choose unique and strong passwords. To be on the safer side, users must use different passwords across different sites rather than reusing them.
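As an added example (not part of the original article or vpnMentor's report), the sketch below shows how a defender could spot the pattern described above in login logs: one source trying many different accounts only a few times each and mostly failing, which distinguishes credential stuffing from brute force against a single account. The event format, thresholds, function name and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample login events (not real data): (source_ip, username, success).
SAMPLE_EVENTS = (
    # One source tries ten different accounts once each; one leaked pair works.
    [("203.0.113.10", f"user{i}@example.com", i == 7) for i in range(10)]
    # A different pattern: brute force, many guesses against a single account.
    + [("198.51.100.7", "alice@example.com", False)] * 8
    # An ordinary user who mistypes a password once, then logs in.
    + [("192.0.2.5", "bob@example.com", False), ("192.0.2.5", "bob@example.com", True)]
)


def detect_credential_stuffing(events, min_accounts=5, max_tries_per_account=2,
                               min_failure_ratio=0.8):
    """Flag sources that try many accounts, few times each, and mostly fail.

    Thresholds are illustrative assumptions, not tuned values.
    """
    # source_ip -> username -> [attempts, successes]
    per_source = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for ip, user, ok in events:
        counts = per_source[ip][user]
        counts[0] += 1
        counts[1] += int(ok)

    flagged = {}
    for ip, users in per_source.items():
        attempts = sum(a for a, _ in users.values())
        successes = sum(s for _, s in users.values())
        most_tries = max(a for a, _ in users.values())
        failure_ratio = 1 - successes / attempts
        if (len(users) >= min_accounts
                and most_tries <= max_tries_per_account
                and failure_ratio >= min_failure_ratio):
            flagged[ip] = {
                "accounts_tried": len(users),
                "attempts": attempts,
                # Accounts where a reused password worked: force a reset.
                "compromised": sorted(u for u, (_, s) in users.items() if s),
            }
    return flagged


if __name__ == "__main__":
    for ip, stats in detect_credential_stuffing(SAMPLE_EVENTS).items():
        print(ip, stats)
```

The `compromised` list is the set of accounts whose owners reused a leaked password, which is the group that needs a forced password reset.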