Spotify Hacked! Android Users Take Note
Hot on the heels of news that eBay fell victim to a massive security breach, a new post on Spotify’s blog says that the music streaming service has likewise been hit. According to the post, the company has “become aware of some unauthorized access to our systems,” which prompted the launch of an investigation. The upshot here? Android users shouldn’t download the Spotify app from anywhere but Google, Amazon, or Spotify itself.
While the eBay hack forced the company into urging its users all over the globe to change their passwords, the situation for Spotify seems to be far less urgent. Oskar Stål, Spotify’s Chief Technology Officer, explains that all users will have to do is re-enter their login information at some point over the next few days.
“Our evidence shows that only one Spotify user’s data has been accessed and this did not include any password, financial or payment information,” writes Stål. “We have contacted this one individual. Based on our findings, we are not aware of any increased risk to users as a result of this incident.”
It would appear that the person may have downloaded a version of the Spotify app from an unofficial source, which might have included some form of malware that had compromised his security. That could be why Stål urges caution in terms of where Android users get their apps:
“As an extra safety step, we are going to guide Android app users to upgrade over the next few days. If Spotify prompts you for an upgrade, please follow the instructions. As always, Spotify does not recommend installing Android applications from anywhere other than Google Play, Amazon Appstore or https://m.spotify.com/. At this time there is no action recommended for iOS and Windows Phone users.”
This kind of trouble can happen for Android users, since the OS allows for apps to be downloaded from third-party sources. This is great for users who want to stray from the beaten path, and might want to grab apps that don’t appear on Google’s storefront. The bad news, of course, is that increases the likelihood that the app will be tainted with bad mojo, packing malware that can infect your phone.
That said, apps infected with malware have even been found on Google Play, meaning that, really, nowhere is safe. In the end, try to get apps from developers you know to be the real deal. If you’re looking for a huge app like Spotify, make sure that the app actually comes from Spotify – not one of the other developers who happen to use the word Spotify in the name of their apps, but actually aren’t affiliated with the company.
It’s a scary world out there. Don’t be a dummy and download the wrong app.
[Spotify Blog]