Spotify Breach Hits Android Users

Music streaming service Spotfiy has disclosed a breach of its systems, but only a select group of customers appear to be affected, including Android device owners.

The company said it would start asking certain Spotify users to reset their username and password, and Android app users to upgrade over the next few days. It said iOS and Windows Phone versions were not affected.

Spotify hacked

Only one user was said to have had data compromised, but Spotify felt it necessary to take action anyway.

“We’ve become aware of some unauthorised access to our systems and internal company data,” said Oskar Stål, chief technology officer at Spotify, in a post on the firm’s website.

“Our evidence shows that only one Spotify user’s data has been accessed and this did not include any password, financial or payment information. We have contacted this one individual. Based on our findings, we are not aware of any increased risk to users as a result of this incident.”

Dwayne Melancon, CTO at Tripwire, said it seemed unlikely just one user’s credentials were affected.

“Had this been as simple as one user over-sharing their login credentials, it would not warrant an all-user notification. Given that Spotify claims that only one user’s data has been compromised, I suspect this was achieved via a re-usable, broadly applicable attack method perhaps affecting older versions of the Spotify app.

“My guess would be that someone demonstrated a proof-of-concept attack for the Spotify team and that constitutes the single known affected user.

“Users, particularly on the Android platform, should follow Spotify’s recommendation and ensure they are running up-to-date software.”

The attack has come just a week after eBay, the online auction giant, revealed it was hacked and asked all users to change their passwords.

Are you a security pro? Try our quiz!