The music streaming platform informed the Attorney General's Office in California about a infringement, describing the incident, what information was involved and what action has been taken to address the issue. The statement comes after recent reports that at least 300.000 Spotify accounts are believed to have been compromised, including email addresses, login credentials and more. data leaked.
Its legislation California requires organizations to inform residents whose unencrypted personal information may have been compromised by unauthorized parties. If the incident affects more than 500 California residents, a sample notice must also be submitted electronically to the attorney general. This was also the case with Spotify, where an email was sent.
Η notice was sent on December 9, 2020, but as Spotify states, the vulnerability dates from April 9, 2020 and was discovered on November 12, 2020. It states that users' registration information was affected, including their email address, name, password, gender, and date of birth. This data may have been exposed to specific business partners. Except reset affected user passwords and alerts, Spotify reports that an internal investigation has been conducted and that any business partners who may have had access to the data have been notified and asked to delete them.
Spotify has contacted users affected by the breach and asked them to reset their passwords as a protection measure. Those users have not received any relevant information and have normal access to the platform, have not been affected and do not need to do the same. Spotify also notes that it has "no reason to believe that any misuse of the information has occurred or will occur."
However, data breach notification is an issue that should not go unnoticed by users. Security experts at cyberspace, advise users to change their passwords every three months. This measure may sound a bit excessive, but research has shown that the older a code is, the more likely it is to have been leaked.