Spotify said it has reset an undisclosed number of user passwords after blaming a vulnerability in its systems for exposing personal account information to its business partners.
In a data breach notification filed with the California attorney general’s office, the music streaming giant said the data exposed “could have included email address, your preferred display name, password, gender, and date of birth only to certain business partners of Spotify.” The company didn’t name the business partners, but added that Spotify “didn’t make this information publicly accessible.”
Spotify said the vulnerability existed as far back as April 9 but wasn’t discovered until November 12. But like most data breach notices, Spotify didn’t say what the vulnerability was or how user account data became exposed.
“We have conducted an internal investigation and have contacted all of our business partners that may have had access to your account information to ensure that any personal information that may have been inadvertently disclosed to them has been deleted,” the letter read.
Spotify also said that the company has “no reason to believe that any unauthorized use of your information has or will occur,” suggesting the incident is different from a separate incident involving Spotify user passwords disclosed last month, which prompted Spotify to also reset user passwords.
Security researchers discovered an unsecured database, likely operated by hackers, allegedly containing around 300,000 stolen user passwords. The database was probably used to launch credential stuffing attacks, in which lists of stolen passwords are matched against different websites that use the same password.
A spokesperson for Spotify didn’t immediately respond to questions about the incident. We’ll update if we hear back.