Cybersecurity experts discovered an insecure database containing more than 380 million individual records, including authentication credentials that were used online to compromise between 300,000 and 350,000 Spotify accounts, according to the Romanian Eset blog, cited by Agerpres.
According to the vpnMentor specialists who discovered the problem, the exposed data included a variety of sensitive information, such as usernames and passwords, email addresses, and countries of residence.
“This trove of data was stored on an insecure Elasticsearch server that was discovered by vpnMentor. Both the source and the owners of the database remain unknown. However, researchers were able to validate the accuracy of the data by contacting Spotify, which confirmed that the information was used to defraud both the company and its users. To understand the full context, credential stuffing attacks are automated attacks that involve taking control of accounts. During the attack, cybercriminals use bots to overload sites with login attempts using stolen access credentials from previous data breaches, from other sites, until they find the right combination of authentication data to access a new website and gain access. The implementation of a multi-factor authentication method generally reduces the chances of being compromised, but Spotify does not currently offer this option,” says Eset.
Following this discovery, Spotify was contacted, and within 11 days of the incident the Swedish company took care of the issue and requested a password reset for all users affected by this situation.
Eset experts note that the continued success of “credential stuffing” attacks can largely be attributed to users with poor password security practices. People often make a number of common mistakes when creating and using passwords, such as recycling them or even sharing them with others.
In fact, the list of the most common passwords in 2020 is easily led by the combinations “123456” and “123456789”.
“To protect the confidential data stored in your accounts, you should start by adopting a strong and unique password or even a passphrase. For your convenience, you can also use a password manager that will help you to generate and store all your passwords, remembering just a master password. For an additional level of security, also enable multi-factor authentication whenever possible,” the experts recommend.
Eset was founded in 1992 in Bratislava (Slovakia) and is one of the main companies offering malware detection and analysis services, with a presence in more than 180 countries.