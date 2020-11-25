Expert Comments

Expert Commentary: Spotify Launches ‘Rolling Reset’ On Customer Accounts, Passwords Linked To Data Leak

Expert(s):
Expert(s):

Spotify has issued a rolling password reset to some user accounts following the discovery of an open Elasticsearch database containing user credentials. The 72GB database contained over 380 million records and some Spotify users have been impacted. It is estimated that roughly 300,000 to 350,000 accounts were embroiled in the leak, in which email addresses, Personally Identifiable Information (PII), countries of residence, and login credentials — both usernames and passwords — were available to view. The information was not encrypted. According to researchers, the origins of the database are unknown, but it does not belong to the music streaming service itself. Instead, the third-party that created the database may have collated the records from other sources — such as stolen data dumps or another platform — for later use to hijack user accounts.

Experts Comments

Dot Your Expert Comments
Keith Neilson
November 25, 2020
Technical Evangelist
CloudSphere
Threat actors are believed to have collected information.
An exposed database will often result in sensitive information being used by threat actors for nefarious purposes. Unfortunately, threat actors are believed to have collected information and created this database with over 380 million records. Without awareness in the cloud environment, any unnoticed change or update in policy risks customer data. To minimize the attack surface and prevent hackers.....Read More
An exposed database will often result in sensitive information being used by threat actors for nefarious purposes. Unfortunately, threat actors are believed to have collected information and created this database with over 380 million records. Without awareness in the cloud environment, any unnoticed change or update in policy risks customer data. To minimize the attack surface and prevent hackers from abusing personal data, businesses should invest in a platform with complete visibility into the cloud environment and real-time security posture monitoring to minimize the cloud attack surface and ensure data does not end up in the wrong hands. With the ability to remediate gaps in security in real-time, businesses can operate without fear of putting customer data in jeopardy.  Read Less

If you are an expert on this topic:

Dot Your Expert Comments
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

Expert Insight On The Bluetooth Attack To Steal A Tesla...

Comment: Baidu Caught Collecting Sensitive Details From Android Users

Spoofed FBI Domains Pose Risk Of Cybercrime And Disinformation

Home Depot Reaches $17.5 Million Settlement Over 2014 Breach

Expert Advise In Relation To CISA Warns Of Holiday Online...

Expert Advise On Black Friday And Cyber Monday

Experts Warning And Advice On Black Friday Threats

Experts Insight On User Data Of Event Management App Peatix...

Experts Advise To Security Leaders For Computer Security Day –...

Experts Commenting On Hacker Posts Exploits For Over 49,000 Vulnerable...

Join the discussion with expert(s)

Save my name, email, and website in this browser for the next time I comment.

* By using this form you agree with the storage and handling of your data by this website.