Spotify suffers security breach -- one user affected
In the light of recent events at eBay and Avast, when an Important Notice to Our Users appeared on the Spotify streaming music service's official news feed today you might have been forgiven for fearing the worst.
Oska Stål, CTO of Spotify writes, "We've become aware of some unauthorized access to our systems and internal company data and we wanted to let you know the steps we’re taking in response. As soon as we were aware of this issue we immediately launched an investigation". Read on, however, and you discover that only one user's data has been accessed and this didn't include any password, financial or payment details.
Kudos to Spotify then for going public on something that they could easily have kept to themselves. But as Stål goes on to say, "We take these matters very seriously and as a general precaution will be asking certain Spotify users to re-enter their username and password to log in over the coming days".
As a further step it will also be prompting Android users to upgrade their app, from which it's no great leap to deduce that the compromised data belonged to an Android user. It apologizes for the fact that offline playlists will need to be downloaded again in the new version.
It also warns that users should only download the app from the official Google or Amazon stores or direct from Spotify.
Stål concludes, "We have taken steps to strengthen our security systems in general and help protect you and your data -- and we will continue to do so. We will be taking further actions in the coming days to increase security for our users".
Given all of the security breach stories of recent days you could almost have forgiven Spotify for rolling out the upgrade and keeping quiet, so full marks to the company for owning up.
Oh, and if you were the one person affected please let us know!