“Once we became aware of the situation, we issued password resets to all impacted users, which rendered the public credentials invalid.” “We recently protected some of our users against ,” the notice read. He also posted a Spotify statement on the incident that confirmed the attack. Researcher Bob Diachenko tweeted about the new Spotify attack on Thursday: “I have uncovered a malicious #Spotify logger database, with 100K+ account details (leaked elsewhere online) being misused and compromised as part of a credential stuffing attack.” Replay: A Second Credential-Stuffing Attack for Spotifyīack in November, cybercriminals attacked hundreds of thousands of Spotify users utilizing this approach, prompting the streaming music service to issue password-reset notices.
Attackers simply build automated scripts that systematically try stolen IDs and passwords (either gleaned from a breach of another company or website, or purchased online) against various types of accounts.Ĭybercriminals have successfully leveraged the approach to steal data from various popular companies’ customers, including big names like the North Face, Dunkin Donuts (which was also hit twice in three months) and popular chicken-dinner chain Nando’s. And last year, FC Barcelona’s official Twitter account was hacked in an apparent credential-stuffing attack. The service has forced password resets for impacted users.Ĭybercriminals carrying out credential-stuffing take advantage of people who reuse the same passwords across multiple online accounts. Spotify streaming music aficionados are in the crosshairs of yet another credential-stuffing cyberattack, just three months after the last one.
0 kommentar(er)
