If you’re using Spotify, you’ll want to keep an eye on your inbox to see if you get a message asking you to change your login details. The company said TechCrunch it recently reset passwords for a small subset of its users after software monitoring exposed private account information to some of its trading partners.
In a deposit with California attorney general’s office, Spotify said that a person’s email address, display name, password, gender and date of birth may have been exposed due to the vulnerability. Spotify did not say which companies may have seen the information, but notes that it has contacted them to ask them to delete the data as soon as possible. He discovered the vulnerability on November 12, 2020, but suspects it had been around since April 9, 2020.