Spotify has warned its users that some of their registration data had been inadvertently leaked to a third-party business partner, marking the third hack in the past few weeks of the world’s most popular streaming service.
Spotify explained that the leaked data includes email addresses, preferred display names, passwords, gender, and dates of birth.
Spotify said in a statement about the leak: It was due to a flaw in the program that existed during the period between April 9 and November 12 of this year, and the flaw was corrected upon discovery.
“We take any loss of personal information very seriously, and we are taking steps to help protect you and your personal information,” the statement read. We have conducted an internal investigation and contacted all of our business partners who may have access to your account information to ensure that any personal information that may have been unintentionally disclosed to them has been deleted.
The announcement comes a few days after a hacker called Daniel seized the pages of some of the most famous stars of the podcast service, then used artist pages, including Pop Smoke and Dua Lipa, to announce his love for Donald Trump and Taylor Swift.
Just a week before the aforementioned incident, and specifically in late November, hackers tried to take over user accounts through the extensive entry of credentials. In this type of attack, the attackers bet on people who reuse passwords and try to use stolen passwords and identifiers in various services with the aim of hijacking accounts that use that data.
Researchers at information security company vpnMentor found a leaked database containing more than 380 records of Spotify users, including: Login credentials.
The company said: “The exposed database belonged to a third party that was using it to store the credentials to log into Spotify.” She added, “It is likely that these credentials were obtained illegally, or may have been leaked from other sources.”
After discovering the hack, Spotify began to reset passwords, rendering the database useless. And now the database has been leaked to service users again. The company encourages users to update passwords for other accounts associated with the same email account.