Companies typically don’t store user passwords in plaintext.
It’s not uncommon for companies to reset user passwords if they believe they are weak or easily guessed. Two people who commented on this Hacker News thread also said their passwords were unique, casting doubt on the veracity of a credential stuffing attack. Some used the same password across different websites and some used passwords unique to Spotify. We contacted several people who received the email reset message. In other words, Spotify says this is a credential stuffing attack, where hackers take lists of usernames and passwords from other breached sites and brute-force their way into other accounts. As a best practice, we strongly recommend users not to use the same credentials across different services to protect themselves.” When reached, Spotify spokesperson Peter Collins said: “As part of our ongoing maintenance efforts to combat fraudulent activity on our service, we recently shared a communication with select users to reset their passwords as a precaution.
Did someone hack in to listen to Justin Bieber or something? Spotify just reset my password due to 'suspicious activity'.
0 kommentar(er)
