Recently, a group of hackers allegedly gained access to over 300,000 Spotify accounts using a database of 380 million records containing login credentials and personal information gathered from various sources.
Now Spotify has been resetting some of its users’ passwords, sending out notifications reporting a major data breach. The breach, according to the company itself, had been active since April but was not discovered until November 12.
This breach has exposed users’ personal and intimate information. According to Spotify, the registration information of the affected accounts was exposed to the company’s business partners. However, the statement is sparse on details and does not specify which accounts or which partners were involved.
The security flaw is very sensitive in nature since it includes the names of account users, passwords, email addresses, and even the gender of the owner of the account.
An internal investigation has been launched to clarify what happened, and all Spotify business partners who may have potential access to this sensitive data have been asked. The objective is that all affected private data is removed and that these partners do not use it.
Spotify has not given figures on how many accounts were affected, nor has it said how many passwords were reset.