
Spotify, which has more than 320 million users and 144 million subscribers – far more than its closest rival, Apple – did not indicate how many users were affected. The Swedish company acted after attackers apparently tried to brute-force their way into Spotify accounts with username-password pairs discovered by security researchers in an unsecured cloud database containing around 300,000 stolen passwords. The disclosure comes less than a month after Spotify executed another password reset, on that occasion following credential stuffing attacks that probably leveraged the spoils of data breaches at other organizations. However, the platform urged users “to change the passwords of all other online accounts for which you use the same email address and password,” and alert them to any suspicious activity on their Spotify account. “We have no reason to believe that any unauthorized use of your information has or will occur,” Spotify added.

“We have conducted an internal investigation and have contacted all of our business partners that may have had access to your account information to ensure that any personal information that may have been inadvertently disclosed to them has been deleted,” continued the breach alert sent to affected individuals. The digital media service said this data was visible to “certain business partners of Spotify”, but insisted that the incident “did not make this information publicly accessible”.

In a breach notification (PDF) filed with California’s Attorney General on December 9, Spotify said it found the flaw on November 12, but “estimate that this vulnerability existed as of April 9, 2020”. Spotify said it had “contained and remediated” the data breach after discovering a security vulnerability in its system that revealed users’ account registration information to the third parties.

Exposed data may have included email addresses, display names, passwords, gender, and date of birth, said the music streaming giant.

Music streaming giant believes flaw was present for about seven months

An unspecified number of Spotify users have had their passwords reset after their personal data was inadvertently exposed to business partners of the music streaming service.
