The Washington Post

Spotify says one user’s data accessed in breach

(Dado Ruvic/Reuters)

Streaming service Spotify is asking some users to re-enter their passwords after an apparent breach, according to a blog post published  by the Swedish company Tuesday. "We've become aware of some unauthorized access to our systems and internal company data," wrote Spotify chief technology officer Oskar Stål.

"Our evidence shows that only one Spotify user’s data has been accessed and this did not include any password, financial or payment information," the company said, adding that it had contacted the lone individual.

"Based on our findings, we are not aware of any increased risk to users as a result of this incident,"Stål continued, adding that the company would be asking Android app users to upgrade over the next few days and asking "certain Spotify users" to re-enter their usernames and passwords to log in to the service.

"At this time there is no action recommended for iOS and Windows Phone users," he wrote.

In an FAQ posted along with the blog post, the company said it did not believe the incident would affect users' phones and urged them to avoid "installing Android applications from anywhere other than Google Play, Amazon Appstore or"

Spotify has more than 40 million active users in more than 50 markets, according to Reuters. The company has long been rumored to be considering an IPO this year, although CEO Daniel Ek said there was "no rush" on the issue in a recent interview with Billboard in which he revealed that the company had 10 million paying customers.

Spotify isn't the only tech company to suffer a data breach. Online commerce giant eBay announced it would ask its 145 million users to change passwords last week — revealing a cyberattack had breached servers containing non-financial user data months earlier.

And retailers have also been hit with cyber attacks — including Target, which suffered an attack may have compromised the financial information of some 40 million customers during the height of the holiday shopping season last year. In April, craft store Michaels confirmed that the credit and debit card information of nearly 3 million customers who shopped at some stores during an eight-month period was stolen.

Andrea Peterson covers technology policy for The Washington Post, with an emphasis on cybersecurity, consumer privacy, transparency, surveillance and open government.



Success! Check your inbox for details. You might also like:

Please enter a valid email address

See all newsletters

Show Comments
Most Read



Success! Check your inbox for details.

See all newsletters

Your Three. Video curated for you.
Next Story
Andrea Peterson · May 27, 2014

To keep reading, please enter your email address.

You’ll also receive from The Washington Post:
  • A free 6-week digital subscription
  • Our daily newsletter in your inbox

Please enter a valid email address

I have read and agree to the Terms of Service and Privacy Policy.

Please indicate agreement.

Thank you.

Check your inbox. We’ve sent an email explaining how to set up an account and activate your free digital subscription.