It’s still a little vague as to exactly what happened, however it appears that Spotify has fallen victim to mobile app security woes.
In a recent statement on its website, Spotify informed its users that it has experienced unauthorized access to its systems, compromising internal company data. There isn’t much detail about how the access was achieved or exactly what type of data was accessed except for this, “Our evidence shows that only one Spotify user’s data has been accessed and this did not include any password, financial or payment information. We have reached out to this one individual. Based on our findings, we are not aware of any increased risk to users as a result of this incident.”
All who use Spotify on Android devices are being prompted to update the app to a new version as a precautionary measure.
If you read Spotify’s statement, you’ll find that there isn’t much specific information. Although reports show that only one user’s information was compromised, the incident was enough to warrant a public message and an immediate fix to the mobile app.
External apps pose internal threats
There has been a lot of talk recently about the danger that mobile app vulnerabilities have for users. Personal identifiable information (PII) can be mined leading to identity theft and fraud. User safety can be compromised due to vulnerabilities found in certain apps that rely on a user’s geolocation. Usernames and passwords can be accessed if encryption isn’t done appropriately. And so much more.
This announcement highlights a different kind of threat: a threat to a company’s internal data. Enterprises have gone a long way to secure the apps that run on their employees’ devices and the apps they they use internally to ensure that their data is safe. There is a large group of security service providers playing in this part of the market. These are internal facing systems and policies.
Now we’re talking about an external facing system (where a business lacks a great amount of control) posing potentially major internal problems.
Regarding the Spotify incident, we many not ever know exactly what type of internal information was accessed or how much, but that doesn’t necessarily matter. What matters is this: could hackers use a mobile app to hack into a business’ important and sensitive information?
Yes. They absolutely could.
