Spotify has revealed that a data breach forced it to reset an undisclosed number of user passwords.
The music streaming company has filed a data breach notification with the California Attorney General’s office. In the notification, it said that the data that was possibly exposed included “email address, your preferred display name, password, gender, and date of birth”, and was disclosed “only to certain business partners of Spotify.” Although the names of the business partners were not revealed by the company, it said that these pieces of information were not made public by the company.
Spotify has said that this vulnerability was exposed on November 12th and it existed since as far back as April 9, 2020. However, no information was revealed about what the vulnerability was or how the data was exposed.
Spotify claimed that the company is running a serious investigation to correct itself. It said that it has contacted all of its business partners who may have had access to the information and have also asked to delete the information if they have any in their possession.
Spotify has also urged its users to change its password not only for the music streaming application but also for every other application in which users use the same email address and password. The company also asked its users to be vigilant while using their accounts and report any suspicious behavior.
This is the second time the company has changed its user passwords. Last month security researchers found an unsecured database containing around 380 million user data. The data included login credentials that were leveraged for breaking into 300,000 to 350,000 Spotify accounts. Reports of repeated data breach and vulnerability in its systems might not come as music to the ears of many regular users of the music streaming application.