2 min read

Spotify warns of unauthorized access to its systems, after Android user hacked

Graham CLULEY

May 27, 2014

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Spotify warns of unauthorized access to its systems, after Android user hacked

Whenever a company publishes a blog post called something like “Important notice to our users” you should know to sit up and listen. Chances are, it’s serious and might involve the site’s security and your privacy.

That’s exactly the kind of article which has been published on Spotify’s blog today by the music streaming service’s CTO Oskar StÃ¥l:

Part of the message read:

We’ve become aware of some unauthorized access to our systems and internal company data and we wanted to let you know the steps we’re taking in response. As soon as we were aware of this issue we immediately launched an investigation. Information security and data protection are of great importance to us at Spotify and that is why I’m posting today.

Our evidence shows that only one Spotify user’s data has been accessed and this did not include any password, financial or payment information. We have contacted this one individual. Based on our findings, we are not aware of any increased risk to users as a result of this incident.

We take these matters very seriously and as a general precaution will be asking certain Spotify users to re-enter their username and password to log in over the coming days.

Sounds like we can all breath a sigh of relief that passwords, and financial information wasn’t exposed as a result of the hack. But I would feel somewhat more comforted if Spotify showed greater openness revealing what had been accessed (even if it was just one user impacted), rather than simply detailing what had not.

It appears that the blame is being pointed firmly in the direction of the service’s Android app:

As an extra safety step, we are going to guide Android app users to upgrade over the next few days. If Spotify prompts you for an upgrade, please follow the instructions. As always, Spotify does not recommend installing Android applications from anywhere other than Google Play, Amazon Appstore or https://m.spotify.com/. At this time there is no action recommended for iOS and Windows Phone users.

At the time of writing, there are no recommended iOS and Windows Phone Spotify users.

Some big questions remain.

Was there a problem with Spotify’s Android app? Did it help a hacker gain access to a Spotify user’s account? Could other Spotify customers using the company’s Android app have had their accounts put at risk because of a vulnerability?

One hopes that Spotify might share more information once it has pushed out a new version of its Android app, and plugged any remaining security vulnerabilities.

tags


Author



Right now

Top posts

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

How to keep your Android device immune to malicious vaccine themed apps How to keep your Android device immune to malicious vaccine themed apps
Cristina POPOV

April 22, 2021

2 min read
Facebook Takes Down Two Hacking Groups Operating out of Palestine Facebook Takes Down Two Hacking Groups Operating out of Palestine
Silviu STAHIE

April 22, 2021

2 min read
Ransomware attack causes supermarket cheese shortage in the Netherlands Ransomware attack causes supermarket cheese shortage in the Netherlands
Graham CLULEY

April 13, 2021

2 min read