Spotify was recently the victim of a serious data breach. The breach was uncovered by computer researchers from Israel’s vpnMentor.
vpnMentor calls itself the authority on VPNs (Virtual Private Networks) and Web Anonymity. It promises to provide reliable advice, useful tips and VPN reviews on the best VPNs from our anonymity experts.
You may have heard about VPNs as something which people use to hide their Internet ID from websites. This can be done for many reasons, such as accessing content on websites like Netflix in parts of the world where they block their services.
Will you offer us a hand? Every gift, regardless of size, fuels our future.
Your critical contribution enables us to maintain our independence from shareholders or wealthy owners, allowing us to keep up reporting without bias. It means we can continue to make Jewish Business News available to everyone.
You can support us for as little as $1 via PayPal at [email protected].
Thank you.
But private companies like Spotify also use such services to provide their employees with virtual access to their networks. In this way people can work on the same network from anywhere in the world. But this can lead to cyber security threats.
Remember a few years ago when Sony had countless e mails leaked after they were hacked by people in North Korea? Well this is the worst nightmare of any service provider, from credit card companies to entertainment ones like Hulu and Spotify. They hold massive amounts of private information belonging to their customers and must ensure that this information remains secure from outside threats.
–
–
Spotify potentially targeted in fraud via stolen login credentials from users. Find out who was affected and what you can do to stay safe. https://t.co/MmkLMMPAf6
— vpnMentor (@vpnmentor) November 23, 2020
And if you are annoyed by different websites adding new requirements for more complicated passwords, don’t be. When people use simple passwords all the time like 1234 or just their names it not only leads them open to hacking and identity theft, they also provide hackers with a way into a company’s data base to steal other information too.
Led by Noam Rotem and Ran Locar, vpnMentor’s research team says that it discovered a possible credential stuffing operation whose origins are unknown, but that affected some online users who also have Spotify accounts. Credential stuffing is a hacking technique that takes advantage of weak passwords that consumers use.
vpnMentor uncovered an Elasticsearch database containing over 380 million records, including login credentials and other user data being validated against the Spotify service.
The company has not yet determined the origins of the database and how the hackers targeted Spotify, but thinks that they were possibly using login credentials stolen from another platform, app, or website and using them to access Spotify accounts.
Working with Spotify, vpnMentor confirmed that the database belonged to a group or individual using it to defraud Spotify and its users and helped the company isolate the issue and ensure its customers were safe from attack.