In a blog post on Tuesday, Spotify chief technology officer Oskar Stal did not confirm when the "unauthorized access to our systems" occurred, but did say that user data had been accessed — although, just one person, he said.
"Our evidence shows that only one Spotify user's data has been accessed and this did not include any password, financial, or payment information. We have contacted this one individual. Based on our findings, we are not aware of any increased risk to users as a result of this incident."
The attack appears to be an isolated and tiny incident, considering the music streaming service has an estimated 40 million users. Stal said the company was "not aware of any increased risk to users as a result of this incident."
Stal said the company takes the matters seriously, and will be asking some users to re-enter their username and password in the coming days.
The company also said Android users will be guided to upgrade this week.
It's not clear if the data breach was as a result of Android, but did say in a follow-up Q&A that, "We do not believe this incident will affect your phone in any way."
That said, we have questions in with the company and will update once we hear back.