CyberNews Briefs

Up to 350,000 Spotify Users Targeted by Credential Stuffers

Spotify users have been targeted by credential stuffers in a massive attack campaign discovered by a team at vpnMentor on July 3. According to vpnMentor, the database contained hundreds of millions of user records and was hosted on a completely unsecured Elasticsearch server. The database contained 72GB of information, including email addresses, usernames, passwords, countries of residence, and other personal information. Although there were roughly 380 million records, Spotify claims that only 300,000 – 350,000 users were directly affected.

The exposed database belonged to a third party who was using it to store stolen login credentials, likely obtained illegally or leaked from other sources. The third party, which remains unknown, was repurposing the data for credential stuffing attacks against Spotify. Spotify initiated a password reset for all of its users in an attempt to mitigate the risk before a serious cybersecurity incident occurred.

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.