
“We take any loss of personal information very seriously and are taking steps to help protect you and your personal information,” the statement, released Dec. “We have conducted an internal investigation and have contacted all of our business partners that may have had access to your account information to ensure that any personal information that may have been inadvertently disclosed to them has been deleted.”

Spotify Targeted

The announcement comes just a handful of days after some of the streaming service’s most popular stars’ pages were taken over by a malicious actor named “Daniel,” who used hijacked Spotify artist pages, including Dua Lipa and Pop Smoke, to proclaim his love of Trump and Taylor Swift. The incident occurred during its highly publicized year-end Spotify Wrapped 2020 announcement of the year’s most popular streams.

Just a week prior to that incident, in late November, Spotify was on the receiving end of a rash of account takeovers following a credential-stuffing operation. In this type of attack, threat actors bet on people reusing passwords; they try stolen passwords and IDs on different services to gain access to a range of accounts.

Researchers at vpnMentor found an open and vulnerable Elasticsearch database with more than 380 Spotify user records, including login credentials. “The exposed database belonged to a third party that was using it to store Spotify login credentials,” the firm said. “These credentials were most likely obtained illegally or potentially leaked from other sources.”

At the time of that breach, Spotify initiated rolling password resets, leaving the database useless.

Now Spotify’s user data has been exposed again. A statement from a Spotify spokesperson to Threatpost read: “A very small subset of Spotify users was impacted by a software bug, which has now been fixed and addressed. Protecting our users’ privacy and maintaining their trust are top priorities at Spotify. To address this issue, we issued a password reset to impacted users. We take these obligations extremely seriously.”

The company urges users to update passwords for other accounts tied to the same email account. “Again, while we are not aware of any unauthorized use of your personal information, as a precautionary measure, we encourage you to remain vigilant by monitoring your account closely,” Spotify’s statement added.
