Spotify data breached for the third time in 2020

Edward Kost
Edward Kost
December 22, 2020

Music streaming titan Spotify has suffered its third data breach in the space of just a few weeks.

Spotify revealed in its official statement, that the account registration information of its users was inadvertently exposed to some of Spotify’s business partners.

The first Spotify breach occurred in late November where up to three hundred and fifty thousand user accounts were compromised after a successful credential stuffing attack

In a credential stuffing attack, cyber attackers attempt to login into accounts using credentials from different services accessed in historical data breaches. Since users are likely to recycle passwords, a single breach gives threat actors access to a swathe of services.

A week after this event, a cyber attacker calling himself“Daniel” compromised several celebrity Spotify pages, replacing their information with messages for people to follow him on Snapchat, signing off with “Trump 2020.”

Daniel also proclaimed his love for Taylor Swift in his messages and even replaced some artist profile images with those of Taylor Swift.

Users published evidence of compromised artist pages on Twitter.

Because this data breach exposed sensitive information to Spotify’s third-party network, and not cybercriminals, the breached data may not be used for sinister activities.

Let’s hope the recipients comply with Spotify’s earnest request to immediately delete all inadvertently disclosed sensitive data.

“We have conducted an internal investigation and have contacted all of our business partners that may have had access to your account information to ensure that any personal information that may have been inadvertently disclosed to them has been deleted.”

How secure is Spotify?

Spotify Technology S.A. is an international media services provider. It is legally domiciled in Luxembourg and is headquartered in Stockholm, Sweden.
  • Check icon
    View our free preliminary report on Spotify’s security posture
  • Check icon
    13 risk factors, including email security, SSL, DNS health, open ports and common vulnerabilities
Security ratings
Abstract shape
Deliver icon

Sign up for our newsletter

Stay up-to-date on everything UpGuard with our monthly newsletter, full of product updates, company highlights, free cybersecurity resources, and more.
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

Protect your organization

Get in touch or book a free demo.
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Website Security scan resultsWebsite Security scan rating