Friday, July 23, 2021

Up to 350,000 Spotify Users Targeted by Credential Stuffers

Security researchers have helped Spotify handle a potentially considerable credential stuffing campaign after discovering an unsecured cloud database containing hundreds of millions of consumer records.

The group at vpnMentor discovered that the database was hosted on an unsecured Elasticsearch server back on July 3.

The 72GB data trove comprised over 380 million records, including email addresses, states of residence, and usernames and passwords for Spotify users. The team said about 300,000-350,000 users were affected.

“The vulnerable database belonged to another party which has been using it to save Spotify login credentials.

“As a result of our query, Spotify pioneered a ‘rolling reset’ of passwords for many users changed. Consequently, the info on the database could be voided and eventually become useless.”

In addition to using the compromised credentials to target other websites in credential stuffing campaigns, any malicious actors that found the database might have sought to sell Spotify premium account access, or to launch follow-on phishing and identity theft efforts using these details and users' email addresses.

“Credentials are a specific place where users are left vulnerable since they choose weak passwords, or reuse them over various websites,” said Javvad Malik, security awareness advocate at KnowBe4.

“This is the reason why consumers must understand the significance of picking distinctive and powerful passwords across their accounts and, where accessible, empower and utilize MFA.

“This way, even when an account is compromised, it’s impossible for attackers to use those credentials to breach different accounts.”

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

