Tidal, the streaming music service that seems to have been doomed since launch, is investigating a possible data breach following allegations that the company has been artificially inflating its subscribers and streaming numbers for platform exclusives.
Music Business Worldwide reported the company has enlisted the help of an “independent, third-party cyber-security firm” to look into the possibility Tidal was breached by a hacker who apparently has a vested interest in the service’s success and decided to fluff the numbers for it.
The audit of the company’s cybersecurity integrity comes after a report in the Norwegian newspaper Dagens Næringsliv accused Tidal of boosting the number of listens for some albums—specifically of Kanye West’s The Life of Pablo and Beyoncé’s Lemonade, both of which were hosted exclusively on Tidal when first released.
According to Tidal, which has been mostly tight-lipped about its numbers, The Life of Pablo hit 250 million listens in just 10 days and Lemonade reached 306 million streams within 15 days—huge figures for a streaming service that had just three million subscribers at the time. Dagens Næringsliv, which obtained a hard drive that purportedly contained internal data from Tidal, claimed those public numbers may be false.
Interestingly, the publication—which tapped the Norwegian University of Science and Technology’s Centre for Cyber and Information Security to analyse the data—basically ruled out a hack being responsible for the inflated figures:
Our analysis also shows a significant number of system users were affected by the manipulation, which may exclude a external or user originated manipulation. As such the manipulation likely originates from within the streaming service itself.
Despite that, Tidal is responding to the claims in a pretty peculiar way, denying the charges altogether while also suggesting the reports led the company to believe it may have been the victim of a data breach. Here’s a statement from Tidal CEO Richard Sanders, provided to Variety:
We reject and deny the claims that have been made by Dagens Næringsliv. Although we do not typically comment on stories we believe to be false, we feel it is important to make sure that our artists, employees, and subscribers know that we are not taking the security and integrity of our data lightly, and we will not back down from our commitment to them.
When we learned of a potential data breach we immediately, and aggressively, began pursuing multiple avenues available to uncover what occurred. This included reporting it to proper authorities, pursuing legal action, and proactively taking steps to further strengthen our stringent security measures that are already in place.
So Tidal’s position on the incident is basically: “This report is false and our numbers are correct, but if they aren’t correct then we were hacked.” The company is treading dangerously close to Tommy Flanagan territory. “Yeah, we got hacked. That’s right, hacked. Yeah, that’s the ticket.” [Variety, Music Business Worldwide]