Spotify resets the passwords of an unknown number of users after a data breach that existed since April

Spotify has been sending data breach notifications to an unknown number of its users after discovering a data breach with personal and private information thereof. The company explains that the account registration information was exposed to certain Spotify business partners, but they do not explain how many accounts or to which partners exactly.

The exposed data include username that shows the service, email address, passwords, gender, and date of birth. Information that Spotify has not made publicly accessible.

The vulnerability existed since April but was not discovered until November 2020

The company claims to have discovered the vulnerability in its systems on November 12, 2020, however, they estimate that it existed at least since April 9, 2020. Spotify claims to have carried out an internal investigation and they have contacted everyone your business partners who may have had access to user information to ensure that any personal data is erased.

How to know on Spotify which are the songs and artists that you have listened to the most in 2020

Spotify has not disclosed how many user accounts were affected, or exactly which business partners the information was exposed to.

The other measure is that they have reset the passwords of the affected accounts, an undetermined number so far. A company spokesperson said it was only "a small subset."

Spotify says they "have no reason to believe that any unauthorized use of user information has or will occur." Likewise, users are urged to 'change all their passwords in services where they use the same email address and password as in Spotify.