More than 3,00,000 Spotify accounts hacked

November 24, 2020 Video Bytes Leave a comment 408 Views

Date: 24^th Nov 2020

Attack/Breach Status: Successful

Severity Impact/Potential: High

Headlines: More than 3,00,000 Spotify accounts hacked

Spotify, a digital audio streaming provider, has been targeted by hacker for Credential stuffing attack which resulted in exposing credentials of more than 3 lac customers.

Credential stuffing is a new form of attack to accomplish account takeover through automated web injection. While Credential stuffing is one of the most common methods used to gain access to user accounts, one of the primary reasons why such attacks occur is because usage of weak passwords by customers which companies can’t really control.

Basis on research done by vpnMentor’s team, attack was not initiated directly on Spotify but rather it was done on a third-party database which had data like username, email IDs & passwords of Spotify customers.

The team at vpnMentor contacted the Swedish audio streaming giant on July 9th and received almost immediate response.

Spotify addressed the issue and deployed a rolling reset of passwords for all users affected by the issue.

https://www.welivesecurity.com/2020/11/24/350000-spotify-accounts-hacked-credential-stuffing-attacks/

=================================================================================

Recommendations:

Securing the account is always a joint responsibility of service provider as well as the customer. Following are the best practices for everyone to ensure safeguarding account from such attack:

Always use a strong password which is easy to remember but difficult to guess.
Use a memorable pass phrase as your password.
Change your password periodically or in case of any breach news or alert
Subscribe to free or paid services which alerts you about the breach or compromise of your account
Use 2FA (Two Factor Authentication) for all your account
Don’t share your password with anyone
Don’t use same password for all accounts
Search google for “Most commonly used passwords” and ensure you are not using them
Check https://haveibeenpwned.com/ to validate if any of your account password compromised already

WhitehatGuru

More than 3,00,000 Spotify accounts hacked

Related Articles

Check Also

Security breach at FireEye – even the best and biggest organizations can be victim

Leave a Reply Cancel reply

Thwarting XSS!

Online Safety: Things to Do & Things to Avoid

Understanding IP datagram – the easy way

Learn to Love your Log files

Cracking wireless Network WEP protection

Hiring for Computer Engineers McKinsey’s way

SpyShredder : Manual Removal Instruction

Orkut has banned you fool! The administrators didn’t write this program guess who did?

Microsoft Updates:Fix Nine Security Holes

Manually Removing MyDoom/W32/W32.Novarg.A-mm

Microsoft Updates:Fix Nine Security Holes

Thwarting XSS!

XSS Attack Techniques

Firefox Update Plugs 8 Security Holes

All about Cross Site Scripting(XSS)

Facebook, WhatsApp, Instagram apps were down for nearly 6 hours

2 Big eye care providers hit by hackers resulting in Data breach

Man sentenced for 12 years in AT&T ‘Unlocking’ Scheme

Hackers access personal data of 79,400 customers of local mobile operator and internet service provider in Singapore

WhatsApp has been fined with a penalty of 225 million Euros for violating European Union Data protection law