Spotify this week started informing users that their personal information might have been inadvertently shared with some of the company’s business partners.
In a data security breach notice filed with the California Attorney General, the streaming service revealed that it inadvertently exposed user data to business partners for several months.
“We deeply regret to inform you that your Spotify account registration information was inadvertently exposed to certain of Spotify’s business partners. Firstly, we want to apologize that there has been an incident,” the company told users.
Spotify also revealed that it identified the issue on November 12, adding that the data exposure was the result of a vulnerability in its system. The information, however, was not exposed publicly.
“We estimate that this vulnerability existed as of April 9, 2020 until we discovered it on November 12, 2020, when we took immediate steps to correct it,” the streaming service added.
Affected data might have included Spotify account registration information such as user email address and password, preferred display name, date of birth, and gender.
The company says it has conducted an internal investigation into the incident and that it has already contacted the business partners that may have accessed user data, to make sure that the leaked information was deleted.
“We take any loss of personal information very seriously and are taking steps to help protect you and your personal information,” Spotify noted.
The streaming service has also decided to reset the passwords for the affected accounts, to ensure that they are kept secure.
Spotify also claims that it has no reason to believe that the exposed information has been or will be used without authorization. Regardless, it does urge users to reset passwords for other accounts on which the same email address and password combination are used.
“Again, while we are not aware of any unauthorized use of your personal information, as a precautionary measure, we encourage you to remain vigilant by monitoring your account closely. If you detect any suspicious activity on your Spotify account, you should promptly notify us,” Spotify said.