Exploit: Credential Stuffing
Spotify: Streaming Music Service
Risk to Small Business: 1.668 = Severe
Spotify has returned for another appearance with a credential stuffing disaster eerily similar to its previous one. This time, data for approximately 100k users appeared in an Elasticsearch instance spotted by researchers. This data is distinctly different from the load that researchers discovered in November 2020.
Individual Risk: 1.802 = Severe
No specifics were listed about the stolen data, but Spotify users should reset their account passwords and be on the lookout for spear phishing attempts.
Customers Impacted: 100K+
How it Could Affect Your Customers’ Business: Protection against credential stuffing isn’t something that a company like Spotify should struggle with, and suffering two credential stuffing incidents in one quarter shows a sloppy attitude toward security.