Forgive me for making my first public LinkedIn article about a security issue that should have been handled in private. I don't like posting things like this in public, but I want to call attention to a security issue with Spotify, an account verification flaw.

Let me explain the background of this issue. A couple of years ago, I discovered that someone had created what I refer to as a GMail shadow account. This account was identical to my real account, only missing 1 special character. At the time, GMail's rules permitted the account to be created, and the bad actor was able to use my real account as the backup due to an account verification flaw. This happened because GMail had a security flaw similar to the one I am going to write about with Spotify below. The difference is that when I reported my finding to GMail privately back then, they corrected it.

Saturday, I discovered a similar account verification flaw with Spotify. It is an authentication and authorization failure. Users can create impersonation Spotify accounts by entering any user's email address as the email address. Spotify sends a verification email to the target user's email account. If the email account owner does not respond, the account creation should fail. Unfortunately, Spotify creates the account anyway, enabling bad actors to use email addresses that do not belong to them, as well as enabling them to impersonate the email address owners on Spotify. In my case, the fake Spotify account was created using the old GMail shadow account, which now points to my real account. That is because, as stated above, GMail corrected the shadow account problem.

Why should you care about what seems to be a minor issue? Permitting fake social media accounts to be created causes reputation damage to the targeted user by enabling impersonation.

How do these fake Spotify accounts foster reputation damage? Here are a few examples: a) a minister whom the bad actor impersonates, then creates a death metal playlist that is public; b) someone seeking employment in law enforcement or information security and the bad actor makes a public playlist that includes songs like N.W.A.'s "F**** the Police"; or c) a hip hop artist or rock and roll band whom the bad actor impersonates and then creates a playlist with artists like Pat Boone.
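
The rule stated above, that account creation should fail when the email owner never responds, can be sketched as follows. This is an added example, not part of the original article and not Spotify's or GMail's code; `SignupService`, `TOKEN_TTL`, the 24-hour window and the sample addresses are all hypothetical.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 24 * 3600  # assumed verification window, in seconds


def _norm(email):
    # Simplistic normalisation for the example (assumption, not a provider rule).
    return email.strip().lower()


class SignupService:
    """Hypothetical flow: no account exists until the mailbox owner confirms."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}   # email -> (sha256 of token, expiry, display name)
        self.accounts = {}  # verified addresses only

    def register(self, email, display_name):
        """Store a pending signup; return the token that would be emailed."""
        email = _norm(email)
        if email in self.accounts:
            raise ValueError("address already registered")
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()  # never store the raw token
        self.pending[email] = (digest, self.clock() + TOKEN_TTL, display_name)
        return token

    def confirm(self, email, token):
        """Create the account only if the emailed token comes back in time."""
        email = _norm(email)
        entry = self.pending.get(email)
        if entry is None or self.clock() > entry[1]:
            self.pending.pop(email, None)  # unanswered signup: creation fails
            return False
        supplied = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(supplied, entry[0]):  # constant-time compare
            return False
        del self.pending[email]
        self.accounts[email] = {"display_name": entry[2]}
        return True

    def purge_expired(self):
        """Drop signups whose owner never responded; return the purged addresses."""
        stale = [e for e, v in self.pending.items() if self.clock() > v[1]]
        for e in stale:
            del self.pending[e]
        return stale

    def can_publish(self, email):
        """Public profile and playlists are allowed for verified accounts only."""
        return _norm(email) in self.accounts
```

A pending signup has no profile and no public playlists, so someone who merely types another person's address gains nothing unless the real owner clicks the emailed link.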