Spotify has reset the passwords for an undisclosed number of user accounts following a security incident that led to personal information of its users being exposed to its business partners.

The streaming service discovered a vulnerability in its system that exposed user information such as email and password, gender and date of birth of users to its business partners.

Spotify disclosed the details of the security incident in a data breach notification filed with the California attorney general’s office as shared by TechCrunch .

According to Spotify’s data breach notification, the Spotify account registration information for some users was “inadvertently exposed to certain of Spotify's business partners.”

“On Thursday November 12th, Spotify discovered a vulnerability in our system that inadvertently exposed your Spotify account registration information, which may have included email address, your preferred display name, password, gender, and date of birth only to certain business partners of Spotify,” read the letter.

“Spotify did not make this information publicly accessible. We estimate that this vulnerability existed as of April 9, 2020 until we discovered it on November 12, 2020, when we took immediate steps to correct it,” it said.

“We have conducted an internal investigation and have contacted all of our business partners that may have had access to your account information to ensure that any personal information that may have been inadvertently disclosed to them has been deleted. We also reset your Spotify password to help keep your account secure,” it added.

The incident was confirmed by Spotify spokesperson Adam Grossberg who told TechCrunch that a “small subset” of Spotify users were affected

This is the second security incident being reported for the platform recently. Spotify last month had reset passwords for some accounts after security researchers found an unsecured database that allegedly contained approximately 300,000 stolen user passwords, TechCrunch reported.

Though the exposed data was not due to an incident at Spotify, the company reset the passwords for affected user accounts, as per the report.

comment COMMENT NOW