updated 01:02 pm EDT, Tue May 27, 2014
Intrusion of Spotify servers involved one account, payment details protected
Music streaming service Spotify is warning users of an intrusion on its servers, though it appears an extremely limited amount of data was acquired. The company claims that, though user data was potentially at risk, only one Spotify user's data had been accessed in the intrusion, with the company taking steps to mitigate similar intrusions by asking users to upgrade their mobile apps.
Spotify claims the data accessed from the single account did not include any financial or payment details, nor the user's password. As a precaution, it is asking "certain Spotify users" to re-enter their username and password in the coming days. Android users will also be asked to upgrade, with the company advising only to install the app from Google Play, Amazon Appstore, or from the Spotify mobile site. As a consequence, offline playlists will need to be re-downloaded. There are currently no instructions for Windows Phone and iOS users.
"We apologise for any inconvenience this causes, but hope you understand that this is a necessary precaution to safeguard the quality of our service and protect our users," writes CTO Oskar Stål on the company blog.
The attack on Spotify comes less than a week after eBay's data breach. While the Spotify breach is limited in scale compared to eBay, the actions of the service could be considered a transparent move by the company over what could be considered by other services as an extremely minor issue.
Spotify has reportedly contacted the lone account holder affected by the intrusion.