Security Experts:

Connect with us

Hi, what are you looking for?


Data Protection

Spotify Informs Users of Personal Information Exposure

Spotify this week started informing users that their personal information might have been inadvertently shared with some of the company’s business partners.

Spotify this week started informing users that their personal information might have been inadvertently shared with some of the company’s business partners.

In a data security breach notice filed with the California Attorney General, the streaming service revealed that it inadvertently exposed user data to business partners for several months.

“We deeply regret to inform you that your Spotify account registration information was inadvertently exposed to certain of Spotify’s business partners. Firstly, we want to apologize that there has been an incident,” the company told users.

Spotify also revealed that it identified the issue on November 12, adding that the data exposure was the result of a vulnerability in its system. The information, however, was not exposed publicly.

“We estimate that this vulnerability existed as of April 9, 2020 until we discovered it on November 12, 2020, when we took immediate steps to correct it,” the streaming service added.

Affected data might have included Spotify account registration information such as user email address and password, preferred display name, date of birth, and gender.

The company says it has conducted an internal investigation into the incident and that it has already contacted the business partners that may have accessed user data, to make sure that the leaked information was deleted.

“We take any loss of personal information very seriously and are taking steps to help protect you and your personal information,” Spotify noted.

The streaming service has also decided to reset the passwords for the affected accounts, to ensure that they are kept secure.

Spotify also claims that it has no reason to believe that the exposed information has been or will be used without authorization. Regardless, it does urge users to reset passwords for other accounts on which the same email address and password combination are used.

“Again, while we are not aware of any unauthorized use of your personal information, as a precautionary measure, we encourage you to remain vigilant by monitoring your account closely. If you detect any suspicious activity on your Spotify account, you should promptly notify us,” Spotify said.

Related: Belden Discloses Data Breach Affecting Employee, Business Information

Related: Private Prison Operator GEO Group Discloses Data Breach

Related: Law Firm Says Google Employee Information Compromised in Data Breach

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Data Breaches

T-Mobile disclosed another massive data breach affecting approximately 37 million customer accounts.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...