Spotify Data Breach and Credential Stuffing: What To Do To Protect Users

Dan Benger
December 16th, 2020

Spotify users’ personal data has been exposed to third parties in a data breach. The exposed data includes email addresses, display names, passwords, gender and dates of birth. Earlier this month, two additional account takeover incidents and credential stuffing attacks compromised Spotify’s security. Personal data exposed to unauthorized entities can lead to account takeovers, identity theft and phishing scams, which in turn enable further criminal activity such as financial theft.

No company is cyber attack-proof. But you can mitigate the risks and protect your users by implementing a few best practices and simple tools.

Here are three types of security threats and the measures companies can take to protect their users and customers.

1. Brute force attacks

In brute force attacks and credential stuffing, cybercriminals systematically submit large numbers of credentials to your system until something sticks (the success rate is usually 1% - 10%). Once the perpetrators are in, they steal personal data and PII.

The solution: MFA, WAFs and alerting when data is sent outside the system

Solutions like MFA and WAFs can help prevent bad actors from entering your network, and Zero Trust can help protect valuable assets and systems inside it. But if a perpetrator has already gained access, it’s still not too late: analyze user behaviour and identify any suspicious patterns, configure automated alerts when data is being sent outside the system and, if necessary, block it in real time.

2. Phishing scams

Phishing scams are used by adversaries to try to gain access to user credentials by disguising themselves as a trustworthy entity. Phishing is often performed via email, but can also happen by phone, text message, or chat.

The solution: Employee education and monitoring unusual activity

Educate your employees to be suspicious of any attempt to obtain their personal data or credentials, and of messages claiming their accounts have been hacked. Inside your network, monitor unusual user behavior such as logins from unusual geographies and repeated login attempts. These could signal that a bad actor is in the system and might send phishing emails to employees.
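As an added example (not SecureNative’s product code), the following Python flags the two patterns described above: a source address trying many distinct usernames with the low success rate typical of credential stuffing, and a successful login from a country never seen before for that user. The thresholds, IP addresses (documentation ranges) and usernames are constructed placeholders.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class LoginEvent:
    ts: int          # epoch seconds
    ip: str          # source address
    user: str        # username attempted
    success: bool    # whether authentication succeeded
    country: str     # geolocation of the source address (ISO code)

def detect_credential_stuffing(events, window=300, min_attempts=5,
                               min_users=4, max_success_rate=0.10):
    """Flag source IPs that try many distinct usernames within `window` seconds
    with the low success rate (a few percent) typical of stuffed credential lists."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e.ip].append(e)
    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e.ts)
        start = 0
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > window:   # slide the window forward
                start += 1
            win = evs[start:end + 1]
            users = {e.user for e in win}
            rate = sum(e.success for e in win) / len(win)
            if len(win) >= min_attempts and len(users) >= min_users and rate <= max_success_rate:
                flagged[ip] = {"attempts": len(win), "users": len(users),
                               "compromised": sorted(e.user for e in win if e.success)}
    return flagged

def detect_unusual_geo(events, baseline):
    """Flag successful logins from a country not in the user's history.
    `baseline` maps user -> set of countries seen in prior good logins."""
    return [(e.user, e.ip, e.country) for e in events
            if e.success and e.user in baseline and e.country not in baseline[e.user]]

# Constructed sample events: documentation IP ranges, made-up users (placeholders).
STUFFING_IP, LEGIT_IP = "203.0.113.7", "198.51.100.4"
EVENTS = [LoginEvent(1000 + 6 * i, STUFFING_IP, f"user{i:02d}", i == 7, "DE")
          for i in range(10)]                                   # 10 users in 54 s, one hit
EVENTS += [LoginEvent(1010, LEGIT_IP, "alice", False, "US"),    # a typo, then success
           LoginEvent(1020, LEGIT_IP, "alice", True, "US")]
BASELINE = {"alice": {"US"}, "user07": {"US"}}
if __name__ == "__main__":
    print(detect_credential_stuffing(EVENTS))   # flags 203.0.113.7, compromised: user07
    print(detect_unusual_geo(EVENTS, BASELINE)) # user07 logged in from DE, baseline is US
```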

3. Data breaches

Data breaches might occur on other systems but still affect yours: stolen PII and credentials could be used to attack your system and expose your customers, even though the breach did not happen on your watch.

The solution: Bot protection and monitoring multiple sign up attempts

Use bot-protection tools to identify malicious bots through methods like CAPTCHA and detection of automated mouse movements. Monitor sign-ups: multiple sign-up attempts for a single account, or sign-ups from unrecognized devices, could indicate an attack attempt.

SecureNative’s security platform for preventing identity theft will protect your users. Gain 360-degree visibility into your users’ risky behavior patterns, get alerted, and block malicious accounts. Sign up for free.