In the November 2020 blog post "More than 300,000 Spotify accounts hacked?", I had already reported on a data leak with Spotify account credentials. Hackers had used a database of 380 million records of login credentials and personal information from various sources to crack Spotify accounts and were probably successful with more than 300,000 users. The whole thing works via "credential stuffing": hackers simply try credentials from known data leaks on websites at random and, if successful, can access the accounts. Weak passwords or the reuse of credentials on different user accounts make this kind of attack easier. Security researchers at vpnMentor came across an unsecured Elasticsearch database on the Internet at the time that contained over 380 million records, including credentials and other user data validated against the Spotify service. The origin of the database and how the fraudsters targeted Spotify are both unknown. The hackers may have used credentials stolen from another platform, application or website and used them to access Spotify accounts.

On February 4, 2020, security researcher Bob Diachenko announced in this tweet the discovery of another database containing over 100,000 Spotify account credentials. Here, too, the data was captured via credential stuffing and then misused to access Spotify accounts. Spotify resets the passwords as soon as misuse becomes known.
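As an added example (not from the original post or from Spotify), the following sketch shows how a service's own login log can reveal credential stuffing and which accounts then need a password reset. The event layout, the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, username, login_succeeded).
SAMPLE_EVENTS = (
    # One source walking a leaked list: 30 different accounts, one try each.
    [("203.0.113.7", f"user{i}@example.com", i % 10 == 0) for i in range(30)]
    # An ordinary user mistyping a password a few times, then getting in.
    + [("198.51.100.4", "alice@example.com", False)] * 3
    + [("198.51.100.4", "alice@example.com", True)]
    + [("192.0.2.9", "bob@example.com", True)]
)

def flagged_sources(events, min_accounts=20, max_tries_per_account=2.0,
                    max_success_rate=0.5):
    """Return source IPs whose login pattern looks like credential stuffing.

    Thresholds are illustrative assumptions, not tuned values.
    """
    stats = defaultdict(lambda: {"attempts": 0, "ok": 0, "users": set()})
    for ip, user, ok in events:
        s = stats[ip]
        s["attempts"] += 1
        s["ok"] += int(ok)
        s["users"].add(user.lower())
    flagged = set()
    for ip, s in stats.items():
        tries_per_account = s["attempts"] / len(s["users"])
        success_rate = s["ok"] / s["attempts"]
        # Stuffing: many accounts, about one guess each, mostly failures.
        # Brute force against one account fails the min_accounts test.
        if (len(s["users"]) >= min_accounts
                and tries_per_account <= max_tries_per_account
                and success_rate <= max_success_rate):
            flagged.add(ip)
    return flagged

def accounts_to_reset(events):
    """Accounts that a flagged source logged in to successfully."""
    bad = flagged_sources(events)
    return {user.lower() for ip, user, ok in events if ok and ip in bad}

if __name__ == "__main__":
    print(sorted(flagged_sources(SAMPLE_EVENTS)))
    print(sorted(accounts_to_reset(SAMPLE_EVENTS)))
```

Grouping by source IP is a simplification: the same per-source statistics can be keyed on other client attributes when attempts are spread over many addresses.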