In the News
Spotify is the latest company leaving users confused after changing their passwords. In "Spotify resets some account passwords citing 'suspicious activity'," Zack Whittaker at TechCrunch discusses why some Spotify accounts had their passwords reset. Whittaker explains that Spotify contacted individuals to tell them that their accounts had been made vulnerable by what is most likely an incident of credential stuffing. He notes that Spotify provided no additional information, and that impacted users took to Twitter to find out more. Whittaker concludes by explaining that resetting passwords in this type of incident, as Spotify did, is a prevalent practice.
Our Take
Getting a message from a company that your password has been reset might seem like an annoyance, especially when only a vague explanation for the action is provided. However, this type of communication between companies and their users helps to safeguard user accounts from the potential for information exposure or malicious activity. The attack method used in the Spotify incident, credential stuffing, is highly effective at infiltrating accounts and gaining access to the information inside. In credential stuffing, attackers take username and password pairs exposed in a breach of one service and try them against other services, so the attack only succeeds where a password has been reused. That also makes these attacks easy to prevent: if you ensure that each of your accounts has a unique and secure password, attackers will not be able to use this attack vector to gain access to your accounts and information.
Recommendations
How can you secure your accounts and platforms?
- Understand the risks of putting your personal information into the world, and only share what you have to
- Use safe password practices when creating online accounts, and take advantage of multi-factor authentication where possible
- Utilize additional security/privacy measures and settings on apps, accounts, and platforms whenever possible
- Limit the number of accounts that have access to your financial payment options