Users of the famous streaming service, Spotify, had to face a data breach. Spotify alerted the members about the same and requested them to change their passwords in the wake of the incident. Spotify members also suffered two other breaches in less than a month.
The latest data breach in Spotify is the third to follow in the past few weeks
The breach exposed some of the user’s registration data to a third-party business partner of Spotify. The exposed data includes the member’s display name, email address, password, date of birth, and gender. According to officials, a software vulnerability (which existed between April and November) caused this exposure.
Spotify is conducting an internal investigation while simultaneously contacting their business partners. The latter step will ensure that any of user’s personal information that may have been disclosed inadvertently be deleted right away.
In November, the platform was victim of a credential stuffing operation. In this type of cyber attack, hackers steal user’s account credentials, mainly consisting of their email address, username, and their corresponding passwords. The hackers then use the stolen credentials to gain access to the user’s account in an unauthorized manner. Those who reuse their passwords are most vulnerable to cyber stuffing.