Single Spotify account breached in bizarre compromise, iOS user data reportedly safe
Spotify today announced that their servers have suffered a breach, providing somebody somewhere unauthorized access to their systems and "internal company data". But in a strange twist, Spotify's internal investigation into the matter turned up evidence of only one user's data having been accessed, and that data did not include anything you might consider sensitive (e.g. password or payment information). While the breach has prompted Spotify to advise Android users to update their app, they aren't recommending any action for iOS or Windows Phone users.
While the single account breach is a different twist in a day and age when a breach in a service's systems often leads to millions of accounts being compromised (hello, eBay), it's good to see Spotify being proactive and forthright about this breach. Though when you're talking about just one person, it's a bit easier to handle.
The update to the Android app will be pushed over Google Play or the Amazon Appstore, the only two sources from which Spotify is adamant you should install. Judging by the wording of their release on the breach, we wouldn't be surprised if a maliciously modified version of Spotify was uploaded to and downloaded from a different source, leading to this breach in the first place. The nature of Android makes it easier for something like this to happen, while the locked-down ecosystems of iOS and Windows Phone make such malicious activity harder to pull off.
Though there's an update for Android, Spotify will be prompting certain users on all platforms to re-enter their username and password, purely as a precaution. Data breaches are serious business, and require increasingly serious reactions from the service providers, no matter how bizarre the circumstances.
Does this breach change your opinion of Spotify?