Saturday, October 16, 2021

Up to 350,000 Spotify Users Targeted by Credential Stuffers

Security researchers have helped Spotify handle a potentially large credential stuffing campaign after finding an unsecured cloud database containing hundreds of millions of user records.

The team at vpnMentor discovered the database, which was hosted on an unsecured Elasticsearch server, back on July 3.

The 72GB data trove comprised over 380 million records, including email addresses, states of residence, and usernames and passwords for Spotify users. vpnMentor claimed that about 300,000-350,000 users were affected.

“The vulnerable database belonged to another party which has been using it to save Spotify login credentials.

“As a result of our query, Spotify pioneered a ‘rolling reset’ of passwords for many users changed. Consequently, the info on the database could be voided and eventually become useless.”

In addition to using the breached credentials to target other websites in credential stuffing campaigns, any malicious actors who found the database might have sought to sell Spotify premium account access, or to launch follow-on phishing and identity theft efforts using these details and user emails.

“Credentials are a specific place where users are left vulnerable since they choose weak passwords, or reuse them over various websites,” said Javvad Malik, security awareness advocate at KnowBe4.

“This is the reason why consumers must understand the significance of picking distinctive and powerful passwords across their accounts and, where accessible, empower and utilize MFA.

“This way, even when an account is compromised, it’s impossible for attackers to use those credentials to breach different accounts.”

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.
