Spotify is informing users that their personal information might have been inadvertently shared with some of its business partners for several months.
The company filed a notice of breach notice with the California Attorney General.
“We deeply regret to inform you that your Spotify account registration information was inadvertently exposed to certain of Spotify’s business partners. Firstly, we want to apologize that there has been an incident,” reads the notice of breach notice. “On Thursday November 12th, Spotify discovered a vulnerability in our system that inadvertently exposed your Spotify account registration information, which may have included email address, your preferred display name, password, gender, and date of birth only to certain business partners of Spotify”
The data was accidentally shared due to a vulnerability in its system that existed as of April 9, 2020.
The streaming service added that exposed data included Spotify account registration information such as user display name and password, email address, date of birth, and gender.
In response to the incident, the company reset user passwords and contacted the business partners that may have accessed user data and asked them to check that leaked data was deleted.
“We have no reason to believe that any unauthorized use of your information has or will occur, however, we urge you to change the passwords of all other online accounts for which you use the same email address and password. We apologize for any inconvenience this may cause” continues the notice.
The company recommends users to remain vigilant by monitoring their account closely and to report any suspicious activity on their account.
“Again, while we are not aware of any unauthorized use of your personal information, as a precautionary measure, we encourage you to remain vigilant by monitoring your account closely. If you detect any suspicious activity on your Spotify account, you should promptly notify us,” Spotify concludes.
(SecurityAffairs – hacking, data leak)