Connect with us

Hi, what are you looking for?


Data Protection

Spotify Informs Users of Personal Information Exposure

Spotify this week started informing users that their personal information might have been inadvertently shared with some of the company’s business partners.

Spotify this week started informing users that their personal information might have been inadvertently shared with some of the company’s business partners.

In a data security breach notice filed with the California Attorney General, the streaming service revealed that it inadvertently exposed user data to business partners for several months.

“We deeply regret to inform you that your Spotify account registration information was inadvertently exposed to certain of Spotify’s business partners. Firstly, we want to apologize that there has been an incident,” the company told users.

Spotify also revealed that it identified the issue on November 12, adding that the data exposure was the result of a vulnerability in its system. The information, however, was not exposed publicly.

“We estimate that this vulnerability existed as of April 9, 2020 until we discovered it on November 12, 2020, when we took immediate steps to correct it,” the streaming service added.

Affected data might have included Spotify account registration information such as user email address and password, preferred display name, date of birth, and gender.

The company says it has conducted an internal investigation into the incident and that it has already contacted the business partners that may have accessed user data, to make sure that the leaked information was deleted.

“We take any loss of personal information very seriously and are taking steps to help protect you and your personal information,” Spotify noted.

Advertisement. Scroll to continue reading.

The streaming service has also decided to reset the passwords for the affected accounts, to ensure that they are kept secure.

Spotify also claims that it has no reason to believe that the exposed information has been or will be used without authorization. Regardless, it does urge users to reset passwords for other accounts on which the same email address and password combination are used.

“Again, while we are not aware of any unauthorized use of your personal information, as a precautionary measure, we encourage you to remain vigilant by monitoring your account closely. If you detect any suspicious activity on your Spotify account, you should promptly notify us,” Spotify said.

Related: Belden Discloses Data Breach Affecting Employee, Business Information

Related: Private Prison Operator GEO Group Discloses Data Breach

Related: Law Firm Says Google Employee Information Compromised in Data Breach

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.