What Spotify’s Data Breach Teaches Us About Android and Streaming Services

Spotify was recently hit by a bizarre data breach that affected a single user. What can this event teach us about Android security and the music streaming business?

May 29, 2014 at 10:51AM

Spotify, one of the most popular streaming music services in the world, revealed on May 27 that its Google (NASDAQ:GOOG)(NASDAQ:GOOGL) Android app had been hacked. However, unlike eBay's (NASDAQ:EBAY) disastrous data breach, which could potentially affect up to 233 million registered accounts, Spotify's data breach strangely only affected one unlucky user.



In a blog post, Spotify CTO Oskar Stål stated that there was evidence that a single user's data had been accessed, but it "did not include any password, financial, or payment information." The company has asked its customers to reenter their usernames and passwords as a "general precaution," and said that it will release a mandatory update for the Android app soon. Offline playlists will need to be redownloaded in the new version.

Although Spotify's data breach sounds relatively mild compared to recent attacks against Adobe, Target, and eBay, the attack on Spotify highlights the fact that no online service should consider itself safe from hackers.

A timely response
Spotify moved quickly to contain the threat and clearly inform its 40 million active users about the issue. There was no mass panic or confusion about the nature of the breach.

By comparison, eBay failed to identify its data breach for three months, then waited two weeks after noticing it to inform the public. It then posted inadequate information and broken links on its main website, and failed to inform customers in a timely manner via email.

However, that's not to say that Spotify is off the hook just yet. Dwayne Melancon, CTO of security firm Tripwire, told the BBC that the attack could have merely been a "proof of concept" attack to demonstrate that the service could be hacked. Melancon also noted that it was likely a "re-usable, broadly applicable attack method," which could possibly affect older versions of the Spotify app.

In other words, this could have been a dry run for attacks on much bigger streaming services, such as market leader Pandora (NYSE:P), which had 75.3 million active listeners at the end of March.

What does this tell us about Android?
It's not surprising that the hack on Spotify struck its Android app, and not its iOS one. Due to Android's rising popularity -- it has a 78% global market share in smartphones and a 62% market share in tablets -- it has become an increasingly popular target for hackers.


Spotify's Android app. Source: Google Play.

Android is suffering from the same problem that plagued Microsoft (NASDAQ: MSFT) Windows in the past -- it is being targeted by hackers who want to inflict maximum damage. Windows Phone, for example, is generally considered less vulnerable than Android because it makes little sense to target an operating system that only accounts for 3% of the market.

Last November, F-Secure released a startling report that revealed that 97% of all mobile malware targets Android devices. Juniper Networks and CNET also reported that mobile malware surged 614% between March 2012 and March 2013, compared to 155% growth in the prior year. 

As a result, many Android users are now advised to install anti-virus software on their devices, despite former Google CEO Eric Schmidt's bold claim last October that Android devices were "more secure" than iPhones.

What does this tell us about Spotify and Pandora?
In a previous article, I compared Spotify's business model to Pandora's. Although the two companies seem superficially similar, they make money in very different ways. The majority of Spotify's revenue comes from paid subscribers, while the majority of Pandora's comes from advertising.

The two companies are essentially inverted images of each other -- 85% of Spotify's revenue comes from subscriptions and 15% comes from advertising, while 28% of Pandora's revenue comes from subscriptions and 72% is generated by ads.

However, both companies face the same challenge -- big royalty rates paid to the recording industry. Spotify pays nearly 70% of its revenue to rights holders. Last quarter, Pandora paid 56% of its revenue to rights holders. After those royalties are deducted along with other operating expenses, there's not much room for a profit. Pandora finished last quarter with a net loss of $29 million, or $0.14 per share. Spotify, which is privately held, reported a net loss of $78 million in 2012.

This means that to realize a profit, Spotify and Pandora have to cut costs. When we consider the fact that eBay -- one of the largest e-commerce sites in the world with $16 billion in annual revenue -- failed to invest in adequate security technology, the problem becomes clear -- how can Spotify and Pandora, which already have enough trouble preserving their bottom lines, invest in the technology to protect millions of listeners worldwide?

The bottom line
In conclusion, Spotify clearly dodged a bullet by responding to the data breach in a calm and quick manner. However, this might only be the tip of the iceberg for data breaches against other streaming services.

Companies need to invest more heavily in securing their user data, and be ready to execute clear plans of action if data breaches occur. One big blunder, as eBay has learned the hard way, can undo years of trust and goodwill within a few days.  


Leo Sun owns shares of Google (C shares). The Motley Fool recommends Adobe Systems, eBay, Google (A shares), Google (C shares), and Pandora Media. The Motley Fool owns shares of eBay, Google (A shares), Google (C shares), Microsoft, and Pandora Media. The Motley Fool has a disclosure policy.
