Spotify Gets Hit Again

Protection against credential stuffing isn’t something that a company like Spotify should struggle with, and suffering two credential stuffing incidents in one quarter shows a sloppy attitude toward security.

As many as 100,000 of the music streaming service’s customers could face account takeover.

Spotify has returned for another appearance with a credential stuffing disaster eerily similar. This time, data for approximately 100k users appeared in an Elasticsearch instance spotted by researchers. This is distinctly different data than the load that researchers discovered in November 2020.

No specifics were listed about the stolen data, but Spotify users should reset their account passwords and be on the lookout for spear phishing attempts.

“Spotify streaming music aficionados are in the crosshairs of yet another credential-stuffing cyberattack, just three months after the last one. The service has forced password resets for impacted users.

Cybercriminals carrying out credential-stuffing take advantage of people who reuse the same passwords across multiple online accounts. Attackers simply build automated scripts that systematically try stolen IDs and passwords (either gleaned from a breach of another company or website, or purchased online) against various types of accounts.”

Get In Touch

Share On Social Media

Other Recent Blog Articles

Imagine your business is like a really important house, like a bank or a hospital, filled with valuable information. Keeping it secure from digital “burglars” is crucial!

March 27, 2025

Imagine your business. It’s not just an office or a storefront anymore; it’s a digital vault. Inside reside your most valuable assets: customer data, financial records, intellectual property, and the…

Read More

Breaking Down I.T. with Steve: Is Your Small Business a Hidden Target? The Importance of Vulnerability Scanning

March 21, 2025

This week on “Breaking Down I.T. with Steve,” we’re tackling a critical topic that every small business owner in the Pacific Northwest needs to understand: vulnerability scanning. You might think…

Read More

Bank of America Data Breach: A Wake-Up Call for Third-Party Security

March 19, 2025

Bank of America Corp. (NYSE:BAC) recently issued a warning to a select group of customers regarding a potential data breach, highlighting the ever-present threat of data security vulnerabilities, even within…

Read More