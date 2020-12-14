14 December 2020 17:23 IST

In a notification filed in the U.S., Spotify said the account registration information was inadvertently exposed to some of its business partners.

(Subscribe to our Today's Cache newsletter for a quick snapshot of top 5 tech stories. Click here to subscribe for free.)

Music-streaming service Spotify has reset undisclosed number of passwords after a vulnerability on platform exposed personal information of account users.

In a notification filed in the U.S., Spotify said the account registration information was inadvertently exposed to some of its business partners.

Advertising

Advertising

The exposed account registration information may have included email address, users’ preferred display names, password, gender, and date of birth.

According to Spotify, the vulnerability existed as of April 9, 2020 but was discovered on November 12, 2020. The Sweden-based firm has contained and remediated the incident.

However, it neither revealed the details of the vulnerability nor explained how data was leaked.

“We have conducted an internal investigation and have contacted all of our business partners that may have had access to your account information to ensure that any personal information that may have been inadvertently disclosed to them has been deleted,” Spotify said in a statement.

“We also reset your Spotify password to help keep your account secure.”

Also Read Spotify to buy ad tech firm Megaphone to monetise podcasts

It also urged its users to change their passwords of all other online accounts for which they use the same email address and password, and asked users to inform Spotify if they detect any suspicious activity on their account.

Spotify has more than 320 million users and 144 million subscribers. This is the second instance of Spotify resetting users’ passwords in the last few weeks.

Last month, researchers discovered an unsecured database containing 380 million individual records, including login credentials to break into 350,000 Spotify accounts.