Spotify is probably the most popular music streaming software today. In 2019, Spotify recorded around 286 million users and continues to increase as years go by. Spotify is taking advantage of the massive shift to digital even in the music industry.
However, a report posted in Threatpost.com last February 4, 2021, shows that the music streaming service has been suffering a massive credential stuffing attack for the past 3 months. No monetary value yet is associated with the attack but based on the report, the fact that the credential stuffing attacks made successful logins, pose a greater cyber threat as the successful login combo can lead attackers to use such data to hijack higher account databases like bank accounts and such.
The importance of Passwords
As a way to remedy the annoying situation, Spotify sent password reset notices to their affected subscribers. Once again, the importance of proper login credential management speaks great importance.
Credential stuffing is a form of attack where an attacker uses a list of stolen usernames and passwords to create a successful login to a particular database – in this case, Spotify. They use bots to make login attempts and would create a log for successful logins. Since hijacking a Spotify account does not technically do much harm, it gives attackers access to precious data and can even use the credentials to attempt logins to a database like bank accounts.
That is why experts always advise to never use the same password. As much as possible, have a different password for each account. Use a password manager to keep your passwords safe. Also, take advantage of MFA or Multi-Factor Authentication. An MFA is a protocol to which a certain database asks for more information before letting someone log into an account. The user would need to enter data like a code sent to a phone number aside from the common username and password. This way, the database can ensure that it is the right user who makes the login attempt. MFA may add extra time whenever you log in, but it also adds a formidable layer of protection against attacks.
Taking things seriously
Security is a serious matter and our login credentials are also serious elements for a secured digital environment. We should really start taking things seriously in terms of password management.
Here at TrinSecurity, as part of creating an effective security system for your firm, we can help you manage crucial login credentials for your database. As much as possible, using data such as birthdays as a password is discouraged.