Spotify issued a data breach notification to its users, warning that it had discovered unauthorized access to its systems and internal company data. According to the alert, which was emailed to all users, Spotify’s investigation only evidenced that “one Spotify user’s data has been accessed and this did not include any password, financial or payment information.”
Spotify is a popular digital music application that is available through a computer, smartphone, or tablet. Spotify provides access to millions of songs, either in streaming “radio” stations, ready-made playlists, or direct access to specific songs, artists, and albums. Users can either opt for a free version that contains some advertisements, or a premium version that is free of ads and permits unlimited downloading. At the end of 2013, Spotify announced that it had over 24 million users. According to Spotify’s website, 10 million of those users are presently paying customers for its premium version of the service.
As a precaution to the data breach, Spotify users had to re-enter their log-in and password information. All Android users of Spotify must install an updated version of the application and re-download all offline music. iOS and Windows users were not asked to update their applications or re-download music, thus suggesting that the data breach may have been specific to the Android version of the application. Spotify also promised its users that it is taking extra steps to strengthen its security systems.
There is no word yet whether any regulatory or legal action will result from Spotify’s data breach. We will keep you posted with any updates.