Users of the music streaming platform, Spotify, may have had their passwords reset after personal data was exposed to a third party businesses.
Spotify admitted to the breach in a notification to US officials and confirmed that a vulnerability in their systems had now been fixed. The issue had been in place since April with it only being discovered last month.
Personal details such as date of birth, email addresses, gender and passwords may have been affected. Passwords have been reset for affected customers.
In a statement Spotify said
“On Thursday November 12th, Spotify discovered a vulnerability in our system that inadvertently exposed your Spotify account registration information, which may have included email address, your preferred display name, password, gender, and date of birth only to certain business partners of Spotify. Spotify did not make this information publicly accessible. We estimate that this vulnerability existed as of April 9, 2020 until we discovered it on November 12, 2020, when we took immediate steps to correct it.”
“The personal information that may have been exposed included your Spotify account registration information, including email and password, gender, date of birth, and email address.”