Over the years, not just the technology has advanced, but the procedure and processes of committing the crime have also advanced. Stating about crime, here we are trying to put some light on cybercrime. Cybercrime is a criminal activity that either targets or uses a computer, a computer network or a networked device. Hacking is a term that is associated with cybercrime, and hacker and cybercriminal are words often used interchangeably to refer to those who perform some type of fraud or criminal activity on the Internet. In the past few years, such crimes and hacking attempts have increased drastically. Hackers are leveraging the power of technology to make their own benefits. The real danger now is not necessarily being hacked, but the lost ability to recover online accounts.

One such issue has recently popped up as a real problem for the Sweden-based digital music service provider Spotify. A cybersecurity research team recently discovered that over 300,000 Spotify accounts were the target of a credit stuffing operation. According to reports, a database leak leftover 300,000 accounts compromised, and hackers are currently selling information found on the database on the dark web. Researchers have found an unsecured internet-facing database containing over 380 million individual records, including login credentials that were leveraged for breaking into 300,000 to 350,000 Spotify accounts. The exposed records included a variety of sensitive information such as people’s usernames and passwords, email addresses, and countries of residence. As of now, both the origin and owners of the database remain unknown. However, the researchers were able to validate the integrity of the data by contacting Spotify, which confirmed that the information had been used to defraud both the company and its users.

Sonit Jain, CEO, GajShield Infotech says, “We have reached a stage in this digital era where even general information like our phone number which is now linked with all of our banking, non-banking and social activities is very sensitive. Companies storing even non-PII data must consider the effect of such a data breach on not only their business but also on their users. With technology to clone sim cards and such emerging tech, leak of Phone Number, Email ID and Password can be disastrous especially for the uses who use similar passwords across various platforms. Companies must take very serious data security initiatives to protect such data, monitor how it is being handled and prevent their exploitation. With more and more data breaches being reported regularly, it is time enterprise understand the sensitivity of such user data and re-look at their approach for data security.”

So what is lacking?
No organization wants that their precious data gets compromised, putting the business, customers and partners at risk. Every enterprise tries to make its products secured, yet data breaches, hacking, and cyber-attacks happen. So, it’s important to understand the most common causes of data breaches and what you can do to mitigate the threats they present.

It happens because of the security loophole, a vulnerability in software or program that enables an attacker to compromise the system and data pertaining to it. Here in the case of Spotify, it was credit stuffing that helped the attacker to make their move. Credit stuffing is when hackers take advantage of weak passwords and users may be repeating across several accounts. Hence, here the responsibilities get shared on both side, the users and the Spotify security team. Even the company is stating that the data breach is not because security was lax at their end, but because users were reusing passwords across different services.

What Spotify can do to prevent it?
Lack of two-factor authentication can be a potential reason for the recent mishap. Addition of this extra step, which would ask for a secondary form of verification (SMS, email, etc), could dramatically decrease security issues. The majority of large media platforms such as Google, Facebook, Instagram and even Amazon have this option available. Spotify, while innovative in many ways, does not have extra security functions currently in place.

What users can do to protect their personal data from hackers?
If you were one of the individuals affected by the data breach, you have probably received an email from Spotify to reset your password by now. So, reset the password, as soon as possible and set a strong password (a combination of alphabet and numeric) that is unique from any other social or professional account of yours. You can use several password generator and manager apps that are available over the internet.

Steps that organizations can follow to prevent future cyber-attacks
Monitoring Application Vulnerabilities – Attackers utilize software security weaknesses to damage a system and launch attacks. Hackers love to exploit software applications which are poorly written or network systems which are poorly designed or implemented, they leave holes that they can crawl straight through to get directly at your data. Data security starts by monitoring customer data for potential threats. Know what data you hold and where it is stored. After all, you can’t keep something safe if you don’t even know where it is. Monitoring customer data means staying ahead of potential cyberattacks. Think of it as being a watch guard that ensures the data is safe.

Regular Testing – Setting up a plan to regularly test your cybersecurity system is a great idea. This could include spot checks of various programs or full-blown mock attacks to see how the system and your employees respond. Testing can highlight issues and weaknesses, which allows you to make changes and corrections before a real attack hits.

Consistently Updating the Products – Setting up a cybersecurity plan doesn’t mean an organization’s work towards data security is over. Hackers and technology are constantly evolving, and your cybersecurity plan needs to adapt as well. Update your software and devices to the most current versions, regularly evaluate your approach to security and move to protect consumer data. You should always be looking around and towards the future for potential threats and then adapting appropriately.

Stay Updated with Compliance – Staying compliant not only helps the company avoid large fines, but it also signals to customers that your organization is aware of cybersecurity challenges and is working to protect their data and give power back to consumers.