Spotify data breach forces streaming platform to reset user passwords

Spotify, the leading digital music service provider, has reportedly reset the passwords for its user accounts after identifying a security error which might have exposed account data. The music streaming service disclosed the relevant details through a data breach notification submitted to the Office of the California Attorney General, detailing what exactly happened, what information was involved, and what action the company has taken to address the issue.

This breach follows recent news that approximately 300,000 Spotify accounts were said to have been hacked at the beginning of this year, with login credentials, email addresses, and other user account data being exposed.

The state law requires companies to inform residents whose unencrypted personal data might have been retrieved by unauthorized parties. If a company has had to send a notification to nearly 500 Californian residents, then a sample of the notification should also be submitted electronically to the attorney general of the state.

The notification sample is dated 9th December 2020, but Spotify estimates that the security flaw existed as far back as 9th April 2020. The flaw was discovered on 12th November 2020. The notification states that the affected users' account registration information, including their preferred display name, date of birth, gender, password, and email address, might have been exposed to some of the company’s business partners.

Besides resetting the passwords of affected users and sending relevant notification emails to them, the firm states that an internal investigation has been directed and that any specific business partners that had access to the data have been contacted and requested to delete the information.

Meanwhile, users who have not yet received a password reset email and those who have been able to use Spotify without the need to reset or update their password might not have been affected by the data breach. Security experts quite often say that the password for any given account needs to be changed once every 1 or 3 months.