Researchers helped Spotify detect and address serious credential stuffing operations that affect hundreds of millions of users.
On July 3, VpnMentor's research team, led by Ran Locar and Noam Rotem, discovered a database hosted on an unprotected Elasticsearch server. Although it was suspected to be part of a credential stuffing operation, its origin has not yet been identified.
The 72GB database contained more than 380 million Spotify user records, including sensitive data such as usernames and passwords, email addresses, countries of residence, and other PII (personally identifiable information) of Spotify users.
Approximately 300,000 to 350,000 users may have been affected by this campaign. However, the researchers couldn't determine how the scammers were able to target Spotify user data. They pointed out that the hackers may have used credentials stolen from other platforms, such as apps and websites, to access Spotify accounts.
In addition, researchers have identified some server IP addresses that are part of the data breach. However, these addresses primarily belonged to the proxy server of the network operator where the database was hosted.
The researchers say the data breach did not originate with Spotify: the database belonged to a third party that had obtained Spotify login credentials, legally or illegally, and stored them to carry out the credential stuffing operation.
Credential stuffing is a technique in which an attacker takes advantage of weak passwords, typically ones reused from other breached services, to log in to accounts on a targeted site. VpnMentor notified Spotify on July 9, 2020. The company responded quickly and confirmed that the database was in fact being used by an individual or group of scammers to exploit Spotify and its users.
According to VpnMentor's blog post, Spotify has also started a "rolling reset of passwords" for all affected users, so the information in that database is no longer useful.
If the database were discovered by a threat actor, they could easily sell access to Spotify Premium accounts or use the data to launch subsequent phishing or identity theft attacks.
Therefore, users should be aware of the importance of having strong and unique passwords for all accounts. It is imperative to enable MFA (multi-factor authentication) when possible.
Source of this news: https://illinoisnewstoday.com/database-leak-exposed-a-large-amount-of-credential-stuffing-for-spotify-users/318734/