Date: 2020-12-11

A Spotify security flaw exposed users’ private account information

Spotify said it has reset an undisclosed number of user passwords after blaming a software vulnerability in its systems for exposing private account information to its business partners.

In a data breach notification filed with the California attorney general’s office, the music streaming giant said the exposed data “may have included email address, preferred display name, password, gender and date of birth only to certain Spotify business partners.” The company did not name the business partners, but added that Spotify “did not make this information accessible to the public.”

Vulnerability in Spotify

Spotify said the vulnerability had existed since April 9, but was not discovered until November 12. But like most data breach advisories, the company did not say what the vulnerability was or how user account data was exposed.

“We have conducted an internal investigation and contacted all of our business partners who may have had access to your account information to ensure that any personal information that was inadvertently disclosed to them has been removed,” the letter reads.

Spotify spokesman Adam Grossberg confirmed that a “small subset” of Spotify users are affected, but did not provide a specific figure. Spotify has more than 320 million users and 144 million subscribers.

This is the second time in as many months that the company has reset user passwords.

Last month, security researchers found an unsecured database, likely operated by hackers, that allegedly contained around 300,000 stolen user passwords. The database was likely used to launch credential stuffing attacks, in which lists of stolen passwords are tried against different websites where users have reused the same password.



