Spotify Security Bug Exposes Private User Info

Spotify CEO Daniel Ek
Andrew Burton /Getty

The music streaming service Spotify has reportedly reset an undisclosed number of user passwords after claiming that a software vulnerability in its systems exposed privacte user information to its business partners.

TechCrunch reports that the music streaming service Spotify has stated that it was forced to reset an undisclosed amount of user passwords due to a software vulnerability in its systems that exposed private account information to the company’s business partners.

Spotify filed a data breach notification with the California attorney general’s office stated that the data exposed “may have included email address, your preferred display name, password, gender, and date of birth only to certain business partners of Spotify.” The company did not name the business partners but added that it “did not make this information publicly accessible.”

Spotify stated that the security vulnerability existed as far back as April 9 but wasn’t discovered until November 12. Spotify did not elaborate on what the vulnerability was or how user account data became exposed.

The data breach notification stated: “We have conducted an internal investigation and have contacted all of our business partners that may have had access to your account information to ensure that any personal information that may have been inadvertently disclosed to them has been deleted.”

A Spotify spokesperson confirmed that a “small subset” of Spotify users were affected but did not provide specific figures. Spotify has over 320 million users and 144 million subscribers.

Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address


Please let us know if you're having issues with commenting.