Spotify security breach hits just one user, but Android listeners encouraged to update app
A single Spotify user has become the victim of a security breach, the company said on Tuesday.
In a blog post, Spotify said it learned of “some unauthorized access to our systems and internal company data.” However, Spotify said the attacker accessed only one user's data, and doesn't appear to have taken any password, financial, or payment information from that user.
“We have contacted this one individual,” Spotify said. “Based on our findings, we are not aware of any increased risk to users as a result of this incident.”
Still, Spotify is asking all Android users to download a software update “as a precautionary measure against any potential ongoing risk.” In the coming days, the app will prompt all users to install the update, and may ask some users to re-login to the service. Spotify says users should be wary not to install updates from outside the Google Play Store, the Amazon Appstore or m.spotify.com.
Unfortunately, this update will delete all offline playlists. Spotify says this a necessary step to safeguard its service and users, but didn't get into details. Users of iOS and Windows Phone appear to be in the clear.
It's unclear what prompted the attack and whether it was specifically targeted at the one affected user, and Spotify doesn't seem eager to explain. In this case, Spotify isn't even suggesting that all users change their passwords. So for now, this is nothing more than a bizarre incident, one that stands out from the all-too-common hack and password reset we so often go through.