Spotify has notified users of its music-streaming app that the company’s systems and internal company data have been breached.
As a precaution, Spotify is asking Android users to upgrade to a new version of the app.
The compromise does not affect Spotify users on iOS or Windows Phone devices.
In a blog post today, Spotify CTO Oskar Stål said that the breach only affected one user, and the data compromised did not include any password, payment or financial information.
“Certain users” will be forced to re-enter their username and password to access the app in the coming days, according to the blog post.
But, Spotify says, all Android users should upgrade the app on their devices.
“As an extra safety step, we are going to guide Android app users to upgrade over the next few days. If Spotify prompts you for an upgrade, please follow the instructions.”
In an FAQ posted to the company’s website, Spotify said it has taken measures to secure its service, and upgraded the Android app to a new version.
The company also said it will be taking further steps to boost the security of its systems.
“We have taken steps to strengthen our security systems in general and help protect you and your data - and we will continue to do so. We will be taking further actions in the coming days to increase security for our users.”
Spotify said users who are not prompted to upgrade the app should download the new version themselves from trusted sources – Google Play, Amazon, or the Spotify mobile site.
A new Spotify version on Google Play was uploaded 27 May 2014 – the same day as the breach announcement.
The release notes say the app includes “housekeeping” to allow users to uninstall old versions of the app.
You can check within the app to see if you have the correct version by going to: Settings (shown as three horizontal lines) | About.
Unfortunately, the upgrade will force users of the premium (paid) app to re-download their offline playlists to the app.
Given the size of recent data breaches including eBay (138 million accounts), Target (40 million credit cards), and AOL Mail (500,000 accounts), forcing users to upgrade their apps and restore all their playlists due to the compromise of one user’s data may seem like overkill.
But the key here is caution.
Spotify users might be annoyed at the company for the inconvenience.
But it’s worth it for their own security.
Any ideas why the new app is about x7 bigger than the last one? Also identified as a low reputation app by Sophos mobile – maybe it’s a giant conspiracy *twitches*.