Spotify company is investigating unauthorized access to its systems and internal company data. Android users urge to update the app and change the password.
The popular Music streaming service Spotify is the last illustrious victim of hackers. The Swedish company today has issued an advisory to inform its the users of its Android app that it has suffered a data breach. The company in response is asking for its users to urgently upgrade the app and change the password.
“Hello, Spotify Android users. Our security team has become aware of some unauthorized access to our systems and internal company data and we wanted to let you know the steps we’re taking in response (and tell you how to get back onto Spotify if you’re having trouble logging in).As soon as we were aware of this issue we immediately launched an investigation. Information security and data protection are of great importance to us at Spotify.” states Spotify.
Spotify is an application available for Android and iOS OSs, the company also provides a desktop version and has more than 40 million active users. Spotify offers both a free service and allows paid subscription for more that 10 million users.
The company revealed a hacker had violated its systems accessing to the internal company data, according its early investigation only one account has been accessed in the data breach and there are no risks for tis financial information, payment details or password. The single user has been already contacted.
“Our evidence shows that only one Spotify user’s data has been accessed and this did not include any password, financial, or payment information,” added Spotify.
Spotify informed the Android app users that in the coming days it will logout them and will ask them to log-in again by re-entering their username and password.
Spotify hasn’t provided further details on the attack, it is still unknown how the attackers have compromise the database,there is the concrete possibility that they exploited a flaw in the Android app, because the company hasn’t still warned its iOS and Windows Phone users.
The company has announced an application update this week, probably to fix the flaw exploited by hackers.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.