Spotify Pushes Pw. Reset After Leak – Gurucul, Point3 And YouAttest Perspectives

The massively popular streaming service Spotify issued a data breach notice  stating data exposed “may have included email address, your preferred display name, password, gender, and date of birth only to certain business partners of Spotify.”

Experts Comments

December 14, 2020
Chloé Messdaghi
VP of Strategy
Point3 Security
Spotify is saying that only a small percentage of customers are affected, but their customer base is so vast that this could mean a thousand or a million people are affected. Breaches happen and loyal customers know this, but they expect transparency in order to preserve trust. The natural instinct is for an organization to withhold information after a breach, but there’s such a substantial gap between the time of exposure, April 9, and the date of discovery, Nov. 12, that real transparency.....Read More
Spotify is saying that only a small percentage of customers are affected, but their customer base is so vast that this could mean a thousand or a million people are affected. Breaches happen and loyal customers know this, but they expect transparency in order to preserve trust. The natural instinct is for an organization to withhold information after a breach, but there’s such a substantial gap between the time of exposure, April 9, and the date of discovery, Nov. 12, that real transparency is needed here. What kinds of account data has been exposed and how much of it? Spotify needs to hold themselves accountable.  Read Less
December 14, 2020
Saryu Nayyar
CEO
Gurucul
The Data Breach Notification from Spotify and related password reset, highlights how software bugs and internal misconfigurations can go undetected for months while representing an active security risk. The proper tools, including security analytics, can help reduce the chance of data breaches by revealing unintended access paths due to misconfigurations and buggy software.

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.