Geeks for your information News Privacy & Security News v
Spotify Users Hit with Rash of Account Takeovers
Spotify Users Hit with Rash of Account Takeovers
silversurfer Offline
Staff Member
******
Posts: 3,885
Threads: 3,283
Thanks Received: 5,065 in 3,838 posts
Thanks Given: 6,200
Joined: 12 September 18
#1
Information  24 November 20, 17:26
Quote:Subscribers of Spotify streaming music service may have experienced some disruption, thanks to a likely credential-stuffing operation.
 
Credential stuffing takes advantage of people who reuse the same passwords across multiple online accounts. Attackers will use IDs and passwords stolen from another source, such as a breach of another company or website, that they then try to use to gain unauthorized access to other accounts, trying the stolen logins against various accounts using automated scripts. Cybercriminals have successfully leveraged the approach to steal data from various popular companies, including most recently, the North Face.
 
vpnMentor’s research team spotted an open Elasticsearch database containing more than 380 million individual records, including login credentials and other user data, actively being validated against Spotify accounts. The database in question contained over 72 GB of data, including account usernames and passwords verified on Spotify; email addresses; and countries of residence.
 
“The exposed database belonged to a third party that was using it to store Spotify login credentials,” the firm said. “These credentials were most likely obtained illegally or potentially leaked from other sources.”
It added, “Working with Spotify, we confirmed that the database belonged to a group or individual using it to defraud Spotify and its users.”
 
In response, Spotify initiated a rolling reset of passwords, making the information in the database relatively useless. The attacks ultimately affected between 300,000 and 350,000 music-streamers, vpnMentor said – a small fraction of the company’s user base of 299 million active monthly users.
 
“The origins of the database and how the fraudsters were targeting Spotify are both unknown,” according to the company, in a Monday posting. “The hackers were possibly using login credentials stolen from another platform, app or website and using them to access Spotify accounts.”

Read more: https://threatpost.com/spotify-account-t...rs/161495/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
Microsoft warns: Office 2016 and 2019 re...
Microsoft Office 2...harlan4096 — 06:55
Google rolling out auto-restart securit...
Google rolls out aut...harlan4096 — 06:51
K-Lite Codec Pack 18.8.5 / 18.8.9 Update
Changes in 18.8.9 ...harlan4096 — 07:13
Ubuntu 24.04.2 LTS / 25.04
Ubuntu 24.04.2 LTS...harlan4096 — 07:12
Microsoft Edge 135.0.3179.85
Version 135.0.3179...harlan4096 — 07:10

[-]
Birthdays
Today's Birthdays
avatar (43)techlignub
avatar (42)Stevenmam
avatar (49)onlinbah
Upcoming Birthdays
avatar (44)wapedDow
avatar (50)steakelask
avatar (44)Termoplenka
avatar (42)bycoPaist
avatar (48)pieloKat
avatar (42)ilyagNeexy
avatar (50)donitascene
avatar (50)Toligo

[-]
Online Staff
There are no staff members currently online.

>