"Spotify Suffers Second Credential-Stuffing Cyberattack in 3 Months"

Spotify is being affected by another credential-stuffing cyberattack, just three months after the last one.  A researcher named Bob Diachenko on Thursday uncovered a malicious #Spotify logger database, with 100K+ account details (leaked elsewhere online) being misused and compromised as part of a credential-stuffing attack.  As many as 100,000 of the music streaming service’s customers could face account takeover.  Spotify stated that the attacks were carried out using an ill-gotten set of data and the organization worked to have the fraudulent database taken down by the ISP hosting it.  Spotify has notified the users affected by the attack and has made the users change their passwords.  Cybercriminals carrying out credential-stuffing take advantage of people who reuse the same passwords across multiple online accounts.  Attackers build automated scripts that systematically try stolen IDs and passwords against various types of accounts.

Threatpost reports: "Spotify Suffers Second Credential-Stuffing Cyberattack in 3 Months"