Spotify Gets Hit Again
Protection against credential stuffing isn’t something that a company like Spotify should struggle with, and suffering two credential stuffing incidents in one quarter shows a sloppy attitude toward security.
As many as 100,000 of the music streaming service’s customers could face account takeover.
Spotify has returned for another appearance with a credential stuffing disaster eerily similar. This time, data for approximately 100k users appeared in an Elasticsearch instance spotted by researchers. This is distinctly different data than the load that researchers discovered in November 2020.
No specifics were listed about the stolen data, but Spotify users should reset their account passwords and be on the lookout for spear phishing attempts.
“Spotify streaming music aficionados are in the crosshairs of yet another credential-stuffing cyberattack, just three months after the last one. The service has forced password resets for impacted users.
Cybercriminals carrying out credential-stuffing take advantage of people who reuse the same passwords across multiple online accounts. Attackers simply build automated scripts that systematically try stolen IDs and passwords (either gleaned from a breach of another company or website, or purchased online) against various types of accounts.”
Get In Touch
Share On Social Media
Other Recent Blog Articles
Breaking Down I.T. with Steve: The Perils of Free Email Accounts for Business
In this week’s episode, we dive into the risks of using free email accounts for business operations. Discover why relying on free email services can send the wrong message to…
Read MoreDangers of QR Codes
This week on Breaking Down I.T. with Steve, we’re diving deep into the dangers of QR Codes. Tune in to learn how these seemingly harmless squares can be used for…
Read MoreAramark Data Breach: How to Protect Your Small Business
A recent data breach at Aramark, a major food service and facilities provider, highlights the importance of cybersecurity for small businesses. In this blog post, we’ll discuss how the breach…
Read More