Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spotify Announces Single User Hacked, No Personal Data Stolen

Posted by Soulskill on from the if-you're-going-to-have-a-data-breach,-this-is-a-good-way-to-do-it dept.

An anonymous reader writes "On the Spotify company blog, CTO Oskar Stål apologized to users and said there has been a security breach at Spotify, where some systems and internal company data was accessed without permission. Evidence given suggests only one Spotify user's account was accessed and that no security or payment information was taken. As a security step, Spotify has announced they are releasing an updated Android application over the coming days, as well as requiring some users to re-enter their login details."

7 of 50 comments (clear)

  1. This sounds like a proof of flaw 'hack'. by Isca · · Score: 4, Insightful

    1 account only was hacked? This sounds like someone who was trying to prove that a flaw exists in their security. I'm guessing there is more to this story to come - this sounds like they are setting things up to go after this 'hacker'' that caused the security breach. If it was someone trying to do something malicious there would be more accounts pulled. Even if it was someone who was just curious to see if they could do it wouldn't have just stopped at one but someone who is trying to playing the role of a white hat would potentially only do this on one single account. I'll be really disappointed if that's what it turns out to be and Spotify decides to prosecute.

    1. Re:This sounds like a proof of flaw 'hack'. by Charliemopps · · Score: 4, Insightful

      1 account only was hacked? This sounds like someone who was trying to prove that a flaw exists in their security.

      I'm guessing there is more to this story to come - this sounds like they are setting things up to go after this 'hacker'' that caused the security breach. If it was someone trying to do something malicious there would be more accounts pulled. Even if it was someone who was just curious to see if they could do it wouldn't have just stopped at one but someone who is trying to playing the role of a white hat would potentially only do this on one single account.

      I'll be really disappointed if that's what it turns out to be and Spotify decides to prosecute.

      Or the person hacked was a high level employee who had the same password for his music account as he did for his corporate account. Keys to the kingdom and all...

  2. My account was hacked. by rnswebx · · Score: 3, Interesting

    I had my account 'hacked' and the email address changed. I went through a few days of email exchanges with Spotify support before they would restore access. I've had an account since before FB authentication, but I still have a difficult time believing mine is the only one...

  3. As Spotify's DBA.. by MyLongNickName · · Score: 5, Funny

    As Spotify's DBA, I personally reviewed the log from the hacking session. There was only 1 user that appeared in the SQL query... strange guy with "*" as his username (no quotes) and he kept showing up in the SELECT queries.

    --
    See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
  4. Re:Thought they used Facebook for all logins? by marsu_k · · Score: 4, Informative

    Rewriting history there - the Facebook "integration" came later, when it was released here in the Nordic countries it was just a login/pass. I don't think it was ever mandatory though? At least, as an existing customer, I've never needed to link my Spotify account to Facebook.

  5. Re:Thought they used Facebook for all logins? by marsu_k · · Score: 3, Informative

    But your assumption is wrong, Spotify is from Sweden.

  6. The ad in my Spotify client today, I kid you not.. by GoddersUK · · Score: 4, Insightful

    http://i.imgur.com/b4DHe4z.png The timing couldn't have been better. (In fact, perhaps the hack was someone taking this too literally?)