Spotify forces more password resets after plugging a security hole

If you use Spotify, you’ll want to keep an eye on your email inbox to see if you get a message prompting you to change your login credentials. The company told TechCrunch it recently reset the passwords of a small subset of its users after a software oversight exposed private account information to some of its business partners.

In a filing with California’s attorney general office, Spotify said a person’s email address, display name, password, gender and date of birth may have been exposed as a result of the vulnerability. Spotify didn’t say what companies may have seen the information, but it does note that it got in touch with them to ask them to delete the data as soon as possible. It discovered the vulnerability on November 12th, 2020, but suspects it had existed since April 9th, 2020.