Spotify has reset the password of some users after detecting a leak of personal data to commercial partners, although it has affirmed that they have not detected unauthorized access to it.
The company has acknowledged in an email sent to those affected that the information they shared for registration on the platform has been “inadvertently exposed” to business partners.
The vulnerability that caused it was identified by Spotify on November 12, although they believe it has been around since the beginning of April. The company assures that it acted as soon as it was detected and that it has already been corrected.
Due to this security issue, user registration information was exposed to business partners, such as email address, username, password, gender, and date of birth. It is personal information that the company says in the letter is not publicly accessible.
Spotify has contacted its commercial partners so that, if they have accessed such information, they will delete it. It has also reset the passwords of users, who are urged to change the password, especially if they share credentials with other services.
It also indicates that they have no record of unauthorized access to the information, but ask users to be vigilant, and who find something suspicious to notify the company.