Spotify Resets Passwords After a Security Bug Exposed Users' Private Account Information

Jerry Rivers shares a report from TechCrunch, adding: “…and it took the music service seven months to notice.” From the report:

In a data breach notification filed with the California attorney general’s office, the music streaming giant said the data exposed “may have included email address, your preferred display name, password, gender, and date of birth only to certain business partners of Spotify.” The company did not name the business partners, but added that Spotify “did not make this information publicly accessible.” The company says the vulnerability existed as far back as April 9 but wasn’t discovered until November 12. It didn’t say what the vulnerability was or how user account data became exposed.

“We have conducted an internal investigation and have contacted all of our business partners that may have had access to your account information to ensure that any personal information that may have been inadvertently disclosed to them has been deleted,” the letter read.

2 Likes