Geeks for your information News Privacy & Security News v
Spotify Users Hit with Rash of Account Takeovers
Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Spotify Users Hit with Rash of Account Takeovers
silversurfer Offline
Staff Member
******
Posts: 3,885
Threads: 3,283
Thanks Received: 5,067 in 3,839 posts
Thanks Given: 6,263
Joined: 12 September 18
#1
Information  24 November 20, 17:26
Quote:Subscribers of Spotify streaming music service may have experienced some disruption, thanks to a likely credential-stuffing operation.
 
Credential stuffing takes advantage of people who reuse the same passwords across multiple online accounts. Attackers will use IDs and passwords stolen from another source, such as a breach of another company or website, that they then try to use to gain unauthorized access to other accounts, trying the stolen logins against various accounts using automated scripts. Cybercriminals have successfully leveraged the approach to steal data from various popular companies, including most recently, the North Face.
 
vpnMentor’s research team spotted an open Elasticsearch database containing more than 380 million individual records, including login credentials and other user data, actively being validated against Spotify accounts. The database in question contained over 72 GB of data, including account usernames and passwords verified on Spotify; email addresses; and countries of residence.
 
“The exposed database belonged to a third party that was using it to store Spotify login credentials,” the firm said. “These credentials were most likely obtained illegally or potentially leaked from other sources.”
It added, “Working with Spotify, we confirmed that the database belonged to a group or individual using it to defraud Spotify and its users.”
 
In response, Spotify initiated a rolling reset of passwords, making the information in the database relatively useless. The attacks ultimately affected between 300,000 and 350,000 music-streamers, vpnMentor said – a small fraction of the company’s user base of 299 million active monthly users.
 
“The origins of the database and how the fraudsters were targeting Spotify are both unknown,” according to the company, in a Monday posting. “The hackers were possibly using login credentials stolen from another platform, app or website and using them to access Spotify accounts.”

Read more: https://threatpost.com/spotify-account-t...rs/161495/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
Windows Repair Toolbox 3.0.4.0
An updated version...harlan4096 — 16:25
SecureAPlus 6.8.1
SecureAPlus 6.8.1:...harlan4096 — 16:22
CrystalDiskInfo 9.3.0
Changes in 9.3.0: ...harlan4096 — 06:59
Microsoft OneDrive on the web is adding ...
Microsoft has anno...harlan4096 — 06:08
Vivaldi Stable 6.7 (3329.21)
Vivaldi Stable 6.7...harlan4096 — 17:09

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>