Exploit: Credential Stuffing
Spotify: Streaming Music Service
Risk to Business: 1.668 = Severe
Spotify has returned for another appearance with an eerily similar credential stuffing disaster. This time, data for approximately 100k users appeared in an Elasticsearch instance spotted by researchers. This data is distinctly different from the load that researchers discovered in November 2020.
Risk to Business: 1.802 = Severe
No specifics were listed about the stolen data, but Spotify users should reset their account passwords and be on the lookout for spear phishing attempts.
Customers Impacted: 100K+
How it Could Affect Your Customers’ Business: Protection against credential stuffing is not something that a company like Spotify should struggle with. Suffering two credential stuffing incidents in one quarter shows a sloppy attitude toward security.
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.