Per Music Business Worldwide, Tidal CEO Richard Sanders spouted the typical company line about taking its data and customer security seriously before divulging that he'd hired a cybersecurity agency to investigate a potential security failure.
That's weird for a few reasons. For starters, when Norwegian publication Dagens Næringsliv (DN) published its report about the data manipulation, Tidal told Engadget that it was a "smear campaign." More than that, a spokesperson told us that the story was ridiculous and full of "lies and falsehoods," claiming the hard drive DN received was stolen.
Even though Tidal has said the data on the drive was bunk, however, it apparently matched exactly with what it provided record labels during the period of time in question.
When the Norwegian University of Science and Technology examined said hard drive and data, it stated (PDF) that:
"The absence of records with unreadable data suggested it was not an external Structured Query Language Injection(SQLi) vector based attacked, but rather manipulation from within the streaming service itself. Due to the targeted nature and extent of the manipulation, it is very unlikely that this manipulation was solely the result of a code based bug or other system anomaly."
"We reject and deny the claims that have been made by DN," Sanders said. "Although we do not typically comment on stories we believe to be false, we feel it is important to make sure that our artists, employees and subscribers know that we are not taking the security and integrity of our data lightly, and we will not back down from our commitment to them."