Spotify has reportedly reset the passwords of some of its users after they were accidentally exposed. Among the compromised information were names, passwords and dates of birth, which were exposed to some of its business partners. The vulnerability had existed since April but wasn’t discovered until November.
The news comes from a data breach notification, obtained by TechCrunch, that Spotify filed with the California attorney general’s office.
On November 12th, the music streaming giant discovered a vulnerability in its system that inadvertently exposed some of its customers’ information to third parties.
The company is said to have sent an email to those affected asking them to reset their passwords. The information shared may have included other important details such as email address, display name, gender, password and date of birth.
The company estimates that the vulnerability may have existed since April 9th, 2020, so a long time passed before it “took immediate steps to correct it”.
Spotify hasn’t named the business partners that received the data, but notes that it contacted them to ensure that any customer information was deleted.
Of course, there’s no guarantee that unauthorized use of your information won’t take place, so if you used your Spotify password elsewhere then you should change it immediately.
Speaking with Engadget, a Spotify spokesperson said that a very small subset of Spotify users were impacted by the software bug, which has already been fixed. He further stated that the company’s aims include protecting and maintaining its users’ privacy as well as their trust. He also added that the company took the step of issuing a password reset to the impacted accounts, which is an obligation in extreme cases.
Spotify has more than 320 million users, and it’s unclear what percentage of them have been impacted. The streaming giant also never detailed how the vulnerability occurred, even though it stated that it had taken the necessary measures to prevent such an event from happening again.
Meanwhile, this is not the first time this has happened to Spotify in recent months, and it may not be the last. Back in November, the company also had to reset some 350,000 passwords because of another data breach, although that one was due to a credential stuffing operation, which isn’t directly the fault of the company.
Spotify worked with researchers after a credential stuffing operation that put many customers at risk was reported. This is why using good-quality password software and using different passwords across different platforms are strongly advised, in case situations like this ever happen.