Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Spotify Informs Users of Personal Information Exposure

Spotify this week started informing users that their personal information might have been inadvertently shared with some of the company’s business partners.

Spotify this week started informing users that their personal information might have been inadvertently shared with some of the company’s business partners.

In a data security breach notice filed with the California Attorney General, the streaming service revealed that it inadvertently exposed user data to business partners for several months.

“We deeply regret to inform you that your Spotify account registration information was inadvertently exposed to certain of Spotify’s business partners. Firstly, we want to apologize that there has been an incident,” the company told users.

Spotify also revealed that it identified the issue on November 12, adding that the data exposure was the result of a vulnerability in its system. The information, however, was not exposed publicly.

“We estimate that this vulnerability existed as of April 9, 2020 until we discovered it on November 12, 2020, when we took immediate steps to correct it,” the streaming service added.

Affected data might have included Spotify account registration information such as user email address and password, preferred display name, date of birth, and gender.

The company says it has conducted an internal investigation into the incident and that it has already contacted the business partners that may have accessed user data, to make sure that the leaked information was deleted.

“We take any loss of personal information very seriously and are taking steps to help protect you and your personal information,” Spotify noted.

Advertisement. Scroll to continue reading.

The streaming service has also decided to reset the passwords for the affected accounts, to ensure that they are kept secure.

Spotify also claims that it has no reason to believe that the exposed information has been or will be used without authorization. Regardless, it does urge users to reset passwords for other accounts on which the same email address and password combination are used.

“Again, while we are not aware of any unauthorized use of your personal information, as a precautionary measure, we encourage you to remain vigilant by monitoring your account closely. If you detect any suspicious activity on your Spotify account, you should promptly notify us,” Spotify said.

Related: Belden Discloses Data Breach Affecting Employee, Business Information

Related: Private Prison Operator GEO Group Discloses Data Breach

Related: Law Firm Says Google Employee Information Compromised in Data Breach

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Janet Rathod has been named VP and CISO at Johns Hopkins University.

Barbara Larson has joined SentinelOne as Chief Financial Officer.

Amy Howland has been named Partner and CISO at Guidehouse.

More People On The Move

Expert Insights