Spotify Data Breach May Have Exposed Usernames, Emails and Passwords

NOTICE: If you are a Spotify user, reside in California, and received a NOTICE OF DATA BREACH, contact the Arnold Law Firm at (916) 777-7777

On December 9, 2020, popular music streaming service Spotify notified an undisclosed number of users that their passwords were reset due to a data breach that exposed account registration information to business partners of the company.

While the cybersecurity incident does not appear to include payment details, the exposure of usernames or email addresses in combination with passwords is a potentially serious data breach addressed in the California Consumer Privacy Act (CCPA). Under the CCPA, affected individuals can collect from $100 to $750 for a company’s loss of this unencrypted personal information. 

On November 12, 2020, Spotify discovered a software vulnerability, present in its systems beginning on April 9, 2020, that compromised users’ personal information, including:

  • Genders
  • Passwords
  • Dates of birth
  • Display names
  • Email addresses

Reportedly, Spotify has contained and remediated the situation. The company claims to have contacted all relevant business partners to verify that the data was deleted. Spotify declined to list the business partners involved.

Just last month, Spotify initiated a separate rolling reset of user passwords in response to an unrelated incident. Security researchers found an unsecured, unauthorized database containing 72 GB of stolen data, including 300,000 Spotify user passwords, likely intended for a credential-stuffing attack by hackers. This batch of compromised passwords reportedly did not originate with Spotify.

Launched in 2008 in Sweden, Spotify is a digital music, podcast, and video streaming service with more than 320 million users, 144 million of whom are paid subscribers. Spotify offers more than 60 million songs and is available in most of Europe and the Americas, Oceania, and parts of Africa and Asia on most modern devices. Spotify's annual revenues are $7.44 billion USD.

NOTICE: If you are a Spotify user, reside in California, and received a NOTICE OF DATA BREACH, contact the Arnold Law Firm at (916) 777-7777 to discuss your situation and possibly developing legal options.