May 27, 2014
Spotify Confirms User Was Hacked, Urges Others To Upgrade
Peter Suciu for redOrbit.com - Your Universe Online
It isn't often that a single user's problems prompt a company to issue warnings, but on Tuesday music streaming service Spotify told its Android device users to update their passwords after its service was hacked.
"We've become aware of some unauthorized access to our systems and internal company data and we wanted to let you know the steps we’re taking in response," Oskar Stål, CTO for Spotify, posted on the company's blog site on Tuesday. "As soon as we were aware of this issue we immediately launched an investigation. Information security and data protection are of great importance to us at Spotify and that is why I'm posting today."
Stål confirmed that only one Spotify user's data had been accessed. He added that this did not include any password, financial or payment information. The company has reportedly contacted this one individual.
"Based on our findings, we are not aware of any increased risk to users as a result of this incident," Stål added. "We take these matters very seriously and as a general precaution will be asking certain Spotify users to re-enter their username and password to log in over the coming days."
Spotify will also guide Android app users to upgrade over the coming days, and has asked users to follow the instructions. The service also suggested that users only install Android applications from Google Play, Amazon Appstore or directly from Spotify.
The new update will require offline playlists to be re-downloaded in the new version. The company has apologized for any inconvenience this may have caused users, but noted that it is a precaution to safeguard the service while also protecting users.
The fact that Spotify is jumping on this is notable, especially given that data breaches have been a serious problem for many companies and their users.
"Following widespread security breaches at eBay, Target and the like, companies are wise to err on the side of transparency and take broad steps to ensure its user's information is safe," noted TechCrunch reporter Matt Burns. "The days are long gone of sweeping potentially harmful situations under the rug."
As of Tuesday it was reported that these actions are limited to just Android devices running the music streaming service. Spotify did not have any recommended actions for users on iOS and Windows Phone.
Compared to other recent security breaches, Spotify seemed quick to respond.
"Spotify did a good job in this case," said Greg Sterling, principal analyst at Sterling Market Research. "It reacted quickly and was very transparent with users."
"Companies that seek to bury the news or avoid disclosure will likely see lots of negative consequences," Sterling told redOrbit. "Just look at Target and how much damage the company suffered because of its failure to act or be immediately transparent with customers."
Spotify is a privately held company, and launched in October 2008. Earlier this month it announced it has more than 40 million active users with more than 10 million paid subscribers.