Spotify security vulnerability exposed personal data to business partners

Music streaming giant believes flaw was present for about seven months



An unspecified number of Spotify users have had their passwords reset after their personal data was inadvertently exposed to business partners of the music streaming service.


Spotify said it had “contained and remediated” the data breach after discovering a security vulnerability in its system that revealed users’ account registration information to the third parties.


Exposed data may have included email addresses, display names, passwords, gender, and date of birth, said the music streaming giant.


In a breach notification (PDF) filed with California’s Attorney General on December 9, Spotify said it found the flaw on November 12, but “estimate[s] that this vulnerability existed as of April 9, 2020”.


Limited impact


The digital media service said this data was visible to “certain business partners of Spotify”, but insisted that the incident “did not make this information publicly accessible”.


“We have conducted an internal investigation and have contacted all of our business partners that may have had access to your account information to ensure that any personal information that may have been inadvertently disclosed to them has been deleted,” continued the breach alert sent to affected individuals.




“We have no reason to believe that any unauthorized use of your information has or will occur,” Spotify added.


However, the platform urged users “to change the passwords of all ..
