More than 3,00,000 Spotify accounts hacked

Date: 24th Nov 2020

Attack/Breach Status: Successful 

Severity Impact/Potential: High

Headlines: More than 3,00,000 Spotify accounts hacked

Spotify, a digital audio streaming provider, was targeted by hackers in a credential stuffing attack, which resulted in the exposure of the credentials of more than 3 lakh customers.

Credential stuffing is a new form of attack that accomplishes account takeover through automated web injection. While credential stuffing is one of the most common methods used to gain access to user accounts, one of the primary reasons such attacks occur is the use of weak passwords by customers, which companies can’t really control.

Based on research done by vpnMentor’s team, the attack was not initiated directly on Spotify but rather on a third-party database which held data such as usernames, email IDs and passwords of Spotify customers.

The team at vpnMentor contacted the Swedish audio streaming giant on July 9th and received an almost immediate response.

Spotify addressed the issue and deployed a rolling reset of passwords for all users affected by the issue.

https://www.welivesecurity.com/2020/11/24/350000-spotify-accounts-hacked-credential-stuffing-attacks/

=================================================================================

Recommendations:

Securing an account is always a joint responsibility of the service provider and the customer. The following best practices help everyone safeguard their accounts from such attacks:

  • Always use a strong password which is easy to remember but difficult to guess.
  • Use a memorable passphrase as your password.
  • Change your password periodically, or whenever there is news or an alert about a breach.
  • Subscribe to free or paid services that alert you about a breach or compromise of your account.
  • Use 2FA (Two-Factor Authentication) for all your accounts.
  • Don’t share your password with anyone.
  • Don’t use the same password for all accounts.
  • Search Google for “Most commonly used passwords” and ensure you are not using them.
  • Check https://haveibeenpwned.com/ to see whether any of your account passwords has already been compromised.
