Spotify has reset passwords for a number of its users after identifying a security breach that could have exposed account data. The music streaming platform submitted a data breach notification to the California Attorney General’s office outlining what happened, the information involved, and the steps Spotify took to resolve the issue. It follows recent news that at least 300,000 Spotify accounts were hacked earlier this year, with email addresses, login details and other user data exposed.
California law requires organizations to notify residents whose unencrypted personal information may reasonably have been accessed by unauthorized parties. If it has been necessary to send a notification to more than 500 California residents, a sample of the notification must be submitted electronically to the state attorney general. That was the case for Spotify in this case, with the notification appearing to be in the form of a letter sent following a password reset email notification for each affected user.
Related: Spotify Packed Up: How Its Stats And Features Have Changed Over The Years
The sample notification is dated December 9, 2020, but, in it, Spotify estimates that the security vulnerability dates back to April 9, 2020 and indicates that it was discovered on November 12, 2020. It states that the information from The record of affected users – including their email address, preferred display name, password, gender and date of birth – may have been exposed to certain business partners. In addition to resetting affected users’ passwords and sending them notification emails, Spotify says that an internal investigation has been conducted and all business partners who may have had access to the data have been contacted and invited. to delete them if this should still be the case. Case.
Should Spotify users reset their passwords?
As reported, Spotify contacted the users affected by the breach and asked them to reset their passwords. Users who did not receive a password reset email and were able to continue using Spotify without needing to reset their password should not have been affected by the violation. Spotify also notes that it has “no reason to believe that unauthorized use of the information has taken place or will occur.”
However, the data breach notification associated with the recent apparent hack should give users some thought. While there is no reason to believe that Spotify has been the victim of any other breaches or hacks that it is not aware of, there is always a chance and the older a password, the more likely it is. to have been exposed. Security experts often say that passwords for any account should be changed every one to three months. While this may seem like a stretch, users of Spotify and other online services should be wondering when they last changed their password. If it was a long time ago, password changes may well be due.
Next: Spotify Vs. Apple Music Vs. YouTube Music: Which Is Better (And Cheapest)?
Source: California Attorney General’s Office
90 Day Fiancé: Tim’s GF Melyza hints she’s pregnant with twins, is she kidding?
–
