Yesterday, the popular music streaming service, Spotify, announced the company had suffered a data breach and warned users to change their password and update their Android app.
Spotify is a commercial music streaming service that launched in October of 2008. It was launched by Swedish start-up Spotify AB and is available as a free app on mobile devices and desktop computers. The service has over 40 million active users, 10 million of whom are paid subscribers. Spotify offers offline listening, ad-free playback, and a number of other features for premium paid subscribers.
Yesterday, Spotify announced that an attacker broke into its systems and gained unauthorized access to internal company data. The company said that so far only one customer's account has been accessed in the breach, and it believes that user's financial information, payment details and password were not affected.
“Our evidence shows that only one Spotify user’s data has been accessed and this did not include any password, financial, or payment information,” Spotify chief technology officer (CTO) Oskar Stål said in a blog post on Tuesday. “We have contacted this one individual. Based on our findings, we are not aware of any increased risk to users as a result of this incident.”
The company took immediate action and launched an investigation, but does not believe users are at any extensive risk following the attack.
Spotify’s CTO, Oskar Stål, said that the company takes such matters very seriously, and as a “general precaution” Spotify will be signing a number of users out of their mobile and desktop apps, requiring them to sign in and re-authenticate themselves. This will ensure customers' private data remains safe.
The company noted an update for their Android app will be released this week to enhance security. “Please note that offline playlists will have to be re-downloaded in the new version,” Oskar Stål stated in the blog post. “We apologize for any inconvenience this causes, but hope you understand that this is a necessary precaution to safeguard the quality of our service and protect our users.”
Spotify did not release any information on how the attacker or attackers were able to compromise the system, but the Android app update suggests Android app users are at risk. In the statement the company also says, “at this time there is no action recommended for iOS and Windows Phone users.”