Spotify has reset the password of some users after detecting a leak of personal data to business partners, although it has stated that they have not detected unauthorized access to it.
The company has acknowledged in an email sent to those affected that the information they shared for the record on the platform has been “inadvertently exposed” to business partners, as TechCrunch has recorded.
The vulnerability that caused it was identified by Spotify on 12th of Novemberalthough they believe it has been around since early April. The company assures that it acted as soon as it was detected, and that it has already been corrected.
Due to this security issue, user registration information was exposed to business partners, such as email address, username, password, gender, and date of birth. It is personal information that the company says in the letter is not publicly accessible.
Spotify has contacted its commercial partners so that, if they have accessed such information, delete it. It has also reset the passwords of users, who are urged to change the password, especially if they share credentials with other services.
It also indicates that they do not have evidence of unauthorized access to the information, but they ask users to be vigilant, and that they find something suspicious to notify the company.