E-mail addresses, display names, passwords and dates of birth were among the personal information exposed by the music service after suffering a third data breach since November.
Spotify stated that the exposure was due to a software vulnerability that occurred from April until it was rectified mid-November this year. The first incident occurred when threat actors gained access to user accounts following a credential attack. To combat this, Spotify sent out password resets to the affected customers. The second incident occurred when popular music artists, such as Dua Lipa and Pop Smoke, had their pages hijacked. A malicious actor used the pages to advertise his social media channels (like Snapchat), make political statements, and state his adoration of Taylor Swift.
This time, a number of Spotify users were hit with a software bug. Impacted users had their passwords reset, and were encouraged to update passwords for other accounts tied to the e-mail they use for their login credentials. Cyber threats like these can have a massive, wide-reaching impact on victims. Hackers can manipulate credit card numbers, mess with personal data or customer-facing data, as well as impersonating an individual online.
While password protection is great for a person to utilize on their own, it’s really businesses that need to be proactive in maintaining security for their clients. Securing consumer trust can make or break an organization when identity theft occurs. To do this, businesses should have their own cybersecurity defenses in order to protect customer data.
If you’re looking to get more information about Managed Security Services, check out our sheet below. To contact SkyPort IT today, call 585-582-1600 or visit our contact page.
Who’s Got Your Data?
Written by Emily M.