Spotify has begun what ZDNet described as a “rolling password reset” of some users’ accounts, after a report suggesting that as many as 350,000 people’s usernames and passwords (among other personal details) had been found on a public database. Note, this isn’t a security breach of Spotify itself.
“The third-party that created the database may have collated the records from other sources – such as stolen data dumps or another platform – for later use to hijack user accounts,” reported the tech publication.
Spotify was notified about the findings in mid-July and began resetting passwords then according to the article, although it’s only this week that news of the database has become public.