DTX Manchester DTX Manchester
  • About Us
Monday, 18 January, 2021
IT Security Guru
CTX Manchester 2020 banner ad
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Spotify passwords stored on a cloud database by a hacker with no password

Hackers stored stolen Spotify passwords on an unlocked cloud database

by Jade
November 24, 2020
in Cyber Bites
Spotify on a mac book
Share on FacebookShare on Twitter

Hackers who stole 350,000 Spotify passwords stored them on a cloud server without a password. The hackers access the passwords using a cache of login credentials stolen from other data breaches, as all of the the users who had their Spotify passwords stolen were reusing the same password acorss multiple accounts- the biggest error of password security.

The hackers who stole the passwords then fell victim to a similar security faux pas, as they saved the passwords on an unsecure cloud database. This meant that anyone with a web browser was able to see the data base without needing a password to access it.

Hicham Bouali EMEA presales engineer at One Identity, clarified that the data breach was not on Spotify’s end: “Here, attackers just managed to find out that a stolen database (coming from somewhere else) with the combination of Username/Password could be verified against Spotify via credential stuffing.”

As users very often juggle lazily with the same password for their different online accounts, cybercriminals use Botnets, computer bots, to test thousands of combinations of IDs and passwords on well-known services. To prevent this type of attack, or any Password related attack (brute Force, Password Spraying…etc.), the best solution is implementing multifactor authentication wherever possible.”

Chris Clements, vice president of solutions architecture at cybersecurity software company Cerberus Cyber Sentinel, however, explained that not all the blame should be on those who lack in creativity: “It’s easy to blame users for poor password hygiene, but the reality is that it’s very difficult to choose a single strong password. Even harder is to do so for every online account they might have and then keep up with them all.”

For this reason, Clement advises users to rely on password managers: “Password managers do a great job at alleviating this problem, but the free ones built in to mobile devices or web browsers can present a problem for users if they need to log into an account from a different type of device, for example the built-in Apple Keychain password manager works great on iPhones or Mac computers but not on Microsoft Windows PCs. Third party password managers can solve this problem, but often require a subscription for use. There are a few that offer free tiers as well as open source options such as Bitwarden that offer good solutions.”

 

 

0 0 vote
Article Rating
FacebookTweetLinkedIn
ShareTweetShare
Previous Post

How You Can Stay Safe Whilst Gaming Online

Next Post

Tesla’s bluetooth vulnerabilities mean X models can be stolen in a matter of minutes

Subscribe
Notify of
guest
guest
0 Comments
Inline Feedbacks
View all comments

Recent News

game

400,000 customer details compromised in Resident Evil and Street Fighter gaming company ransomware attack

January 15, 2021

XSS vulnerability affects government websites

January 15, 2021

COVID-19 State of Remote Work Survey: 34% of Workers Felt Pressure to Return to the Office

January 15, 2021
CCTV used to spy

Ethics Officer Facing Cyberstalking Charge

January 15, 2021

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

More information
wpDiscuz
0
0
Would love your thoughts, please comment.x
()
x
| Reply
Privacy Settings / PENDINGGDPR Compliance

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Accept