Spotify is informing users that their personal information might have been inadvertently shared with some of its business partners for several months.
The company filed a notice of breach notice with the California Attorney General.
“We deeply regret to inform you that your Spotify account registration information was inadvertently exposed to certain of Spotify’s business partners. Firstly, we want to apologize that there has been an incident,” reads the notice of breach notice. “On Thursday November 12th, Spotify discovered a vulnerability in our system that inadvertently exposed your Spotify account registration information, which may have included email address, your preferred display name, password, gender, and date of birth only to certain business partners of Spotify”
The data was accidentally shared due to a vulnerability in its system that existed as of April 9, 2020.
The streaming service added that exposed data included Spotify account registration information such as user display name and password, email address, date of birth, and gender.
In response to the incident, the company reset user passwords and contacted the business partners that may have accessed user data and asked them to check that leaked data was deleted.
“We have no reason to believe that any unauthorized use of your information has or will occur, however, we urge you to change the passwords of all other online accounts for which you use the same email address and password. We apologize for any inconvenience this may cause” continues the notice.
The company recommends users to remain vigilant by monitoring their account closely and to report any suspicious activity on their account.
“Again, while we are not aware of any unauthorized use of your personal information, as a precautionary measure, we encourage you to remain vigilant by monitoring your account closely. If you detect any suspicious activity on your Spotify account, you should promptly notify us,” Spotify concludes.
(SecurityAffairs – hacking, data leak)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.