A cyber incident at Spotify involved a software vulnerability in its system that leaked users' private information to its business partners. As a result, Spotify was forced to reset the application password for all of its customers.
Spotify explained the vulnerability as follows:
On Thursday, November 12, Spotify discovered a vulnerability in our system that inadvertently exposed your Spotify account registration information, which may have included an email address, your preferred display name, password, gender, and date of birth only to certain business partners of Spotify.
In addition to resetting users' passwords, Spotify contacted all of those partners to have them delete all of the exposed customer information.
Spotify said that the vulnerability had existed since around April 9 but was not discovered until November 12. In late November, security researchers found a leaked cloud database containing around 350,000 Spotify user logins, which may have been part of a credential stuffing campaign.
Adam Grossberg, a Spotify spokesperson, confirmed that a “small subset” of Spotify users are affected but did not provide a specific figure. Spotify has more than 320 million users and 144 million subscribers.
Affected users are advised not to reuse their Spotify password, because doing so is dangerous: the password might have been exposed to the wrong hands. As a result, an attacker might use a brute-force attack method on the database, which contains valid usernames and passwords.