• Magazine
  • NEWS
    • GOVERNANCE
    • STARTUPS
    • BUDGET
    • WORKFORCE
    • PARTNERSHIPS
    • THREATS
    • DATA PRIVACY
    • Regulations & Compliance
  • FEATURES
  • PODCASTS
  • Get Featured
    • INTERVIEWS
    • INFOGRAPHICS
    • MARKET TRENDS REPORT
      • DATA SECURITY
      • ENDPOINT SECURITY
    • INNOVATOR’S CORNER
    • HOTSPOT
    • SPECIAL FEATURES
  • Videos
    • EVENT VIDEOS
    • WEEKLY NEWS
  • WEBINARS
  • EVENTS
    • Upcoming Events
    • Endorsed Events
    • E-Events
    • Masterclass
  • Advertise with us
Search
Wednesday, January 20, 2021
  • About us
  • Advisory Board
  • Write for CISO MAG
  • Careers
  • Login
  • SUBSCRIBE
CISO MAG  - News and Updates| Cyber Security Magazine CISO MAG | Cyber Security Magazine
Cyber Security 2021
CISO MAG  - News and Updates| Cyber Security Magazine CISO MAG  - News and Updates| Cyber Security Magazine
  • Magazine
  • NEWS
    • GOVERNANCE
    • STARTUPS
    • BUDGET
    • WORKFORCE
    • PARTNERSHIPS
    • THREATS
    • DATA PRIVACY
    • Regulations & Compliance
  • FEATURES
    • cybersecurity-budget

      A 21st Century Solution to Our Cybersecurity Skills Shortfall

      Artificial Intelligence

      Artificial Intelligence and Cybersecurity: A Double-Edged Sword

      Nissan data breach

      What the Automotive Industry Needs to Learn from Nissan’s Cybersecurity Error

      Phishing Campaign on FINRA

      Five Phishing Baits You Need to Know [INFOGRAPHIC]

      2021 Security Predictions

      2021 Security Predictions: Endpoint Security is of Utmost Importance

  • PODCASTS
  • Get Featured
    • INTERVIEWS
    • INFOGRAPHICS
    • MARKET TRENDS REPORT
      • DATA SECURITY
      • ENDPOINT SECURITY
    • INNOVATOR’S CORNER
    • HOTSPOT
    • SPECIAL FEATURES
  • Videos
    • EVENT VIDEOS
    • WEEKLY NEWS
  • WEBINARS
  • EVENTS
    • Upcoming Events
    • Endorsed Events
    • E-Events
    • Masterclass
  • Advertise with us
Home News Fine-tune Your Passwords! Researchers Find Hackers Targeting Spotify Users
  • News
  • Threats

Fine-tune Your Passwords! Researchers Find Hackers Targeting Spotify Users

By
CISOMAG
-
November 25, 2020
cybercriminal, music
SHARE

Security experts from vpnMentor uncovered a potential credential stuffing attack exploiting the personal data of Spotify users. The researchers found an unencrypted Elasticsearch database containing over 380 million records holding login credentials and other personal details of the music streaming service users. In credential stuffing attacks, cybercriminals take advantage of weak and reused passwords of consumers with the hope of eventually guessing correctly.

The threat actors behind the exposed database are unknown, however, they abused stolen login credentials to compromise Spotify accounts. “Working with Spotify, we confirmed that the database belonged to a group or individual using it to defraud Spotify and its users. We also helped the company isolate the issue and ensure its customers were safe from attack,” vpnMentor said.

Threat Summary:

Origin of the Database

vpnMentor’s researchers stated that the exposed database belonged to a third-party service provider that was using it to save Spotify users’ login details. It is found that attackers illicitly obtained user credentials from data breaches and from other sources.

“This is a common tactic used by cybercriminals to access private accounts on popular platforms like Spotify, and something the company — like most online businesses — has dealt with in the past, given the pervasive use of weak passwords by so many consumers online. Companies cannot prevent this from occurring since they do not control the passwords that consumers use (and re-use) online. But they can play a role by helping users regain control of their accounts and promoting safer password practices by users, which Spotify did in this case,” vpnMentor added.

Spotify notified the affected users to reset their passwords as a security measure.

  • TAGS
  • attackers
  • Credential stuffing attacks
  • Cybercriminals
  • data breach
  • Elasticsearch database
  • login credentials
  • Spotify
  • Spotify Users
  • unsecured database
  • VPNMentor
SHARE
Facebook
Twitter
Previous articleWith Cyberwars, Cyber Espionage has Reached New Level
Next articleMobile Malware Skyrockets in Asia, 97% of Transactions Found Fraudulent
CISOMAG
https://cisomag.eccouncil.org/

RELATED ARTICLESMORE FROM AUTHOR

Excellus to Pay $5.1 Mn to Settle Potential HIPPA Violations
News

Excellus to Pay $5.1 Mn to Settle Potential HIPPA Violations

Singapore cybersecurity
News

MAS Tightens Rules for Financial Firms in Singapore Post SolarWinds Cyberattack

News

FBI Warns Enterprises About Rising Vishing Attacks



EXCLUSIVE

Evolution of Insurance Fraud, BAE Systems Applied Intelligence

Episode #6: How Insurance Fraud is Evolving (and Anti-fraud Measures)

CISOMAG - December 21, 2020
0

FOLLOW US FOR MORE UPDATES

Follow @CISOMAG

Latest Issue is Out!

Cybersecurity 2021

Cyber security editorial calendar 2021

MOST POPULAR

Research Finds Increase in Botnet and Exploit Activity in Q2 2020

45% companies don’t have cybersecurity leader: Study

CISOMAG - December 11, 2017
s3 bucket security, Unacademy Suffers a Data Breach

Nearly half of companies have suffered a data breach in the past year: Survey

November 15, 2017
Messaging

Mobile messaging apps new hideout of Dark Web activities: Study

October 27, 2017
Kaspersky

NSA hacking code lifted from a personal computer in U.S.: Kaspersky

October 30, 2017

Instagram data breach! 49 million users’ sensitive data exposed online

May 23, 2019

RECENT POSTS

Excellus to Pay $5.1 Mn to Settle Potential HIPPA Violations

Excellus to Pay $5.1 Mn to Settle Potential HIPPA Violations

January 20, 2021
Singapore cybersecurity

MAS Tightens Rules for Financial Firms in Singapore Post SolarWinds Cyberattack

January 19, 2021

FBI Warns Enterprises About Rising Vishing Attacks

January 19, 2021

Why Apple Dropped macOS Big Sur Feature ‘ContentFilterExclusionList’

January 19, 2021
AjnaLens

AjnaLens – Making Augmented Reality a Reality

January 19, 2021
Cybersecurity News and Updates, Magazine
CISOMAG is the handbook for Chief Information Security Officer (CISO)s, CXOs, and every stakeholder of safe internet.
Contact us: [email protected]

EVEN MORE NEWS

Excellus to Pay $5.1 Mn to Settle Potential HIPPA Violations

Excellus to Pay $5.1 Mn to Settle Potential HIPPA Violations

January 20, 2021
Singapore cybersecurity

MAS Tightens Rules for Financial Firms in Singapore Post SolarWinds Cyberattack

January 19, 2021

FBI Warns Enterprises About Rising Vishing Attacks

January 19, 2021

POPULAR CATEGORY

  • News1885
  • Threats1057
  • Features314
  • Partnerships210
  • Governance168
  • Startups160
  • Interviews71
  • Terms of Use
  • Privacy Policy
  • Advertise with us
  • Contact Us
  • MASTERCLASS
© CISOMAG 2020
Edit with Live CSS
Save
Write CSS OR LESS and hit save. CTRL + SPACE for auto-complete.