Spotify Resets Passwords after Security Bug Exposed Users’ Private Account Information
upstart writes in with an IRC submission:
Spotify said it has reset an undisclosed number of user passwords after blaming a software vulnerability in its systems for exposing private account information to its business partners.
In a data breach notification filed with the California attorney general's office, the music streaming giant said the data exposed may have included email address, your preferred display name, password, gender, and date of birth only to certain business partners of Spotify." The company did not name the business partners, but added that Spotify did not make this information publicly accessible."
Spotify said the vulnerability existed as far back as April 9 but wasn't discovered until November 12. But like most data breach notices, Spotify did not say what the vulnerability was or how user account data became exposed.
From the announcement:
We have conducted an internal investigation and have contacted all of our business partners that may have had access to your account information to ensure that any personal information that may have been inadvertently disclosed to them has been deleted. We also rest your Spotify password to help keep your account secure.
Read more of this story at SoylentNews.