- Aug 17, 2014
Spotify has alerted users that some of their registration data was inadvertently exposed to a third-party business partner, including emails addresses, preferred display names, passwords, gender and dates of birth. This is at least the third breach in less than a month for the world’s largest streaming service.
A statement from Spotify about the incident said the exposure was due to a software vulnerability that existed from April 9 until Nov. 12 when it was corrected.
“We take any loss of personal information very seriously and are taking steps to help protect you and your personal information,” the statement, released Dec. 9, read. “We have conducted an internal investigation and have contacted all of our business partners that may have had access to your account information to ensure that any personal information that may have been inadvertently disclosed to them has been deleted.”
“A very small subset of Spotify users was impacted by a software bug, which has now been fixed and addressed.” A statement from a Spotify spokesperson to Threatpost read. “Protecting our users’ privacy and maintaining their trust are top priorities at Spotify. To address this issue, we issued a password reset to impacted users. We take these obligations extremely seriously.”
The company urges users to update passwords for other accounts tied to the same email account.
“Again, while we are not aware of any unauthorized use of your personal information, as a precautionary measure, we encourage you to remain vigilant by monitoring your account closely,” Spotify’s statement added. “If you detect any suspicious activity on your Spotify account, you should promptly notify us.” [...]