by seefoma 4400 days ago
Interesting note at the end about offline playlists having to be re-downloaded. That, and the phrase 'internal company data', has me curious if the breach was some kind of theft of media, as opposed to user credentials and info.
5 comments

I don't think the playlist thing is related to the breach at all.

This is likely just a side effect of the new version being an entirely new Android app instead of an upgrade to the existing one. If the local playlist data and/or offline settings were sandboxed to the old app, a new app wouldn't be able to access it.

It sounded like that's a result of the upgrade on Android - presumably they've changed something recently about how they store the offline playlists.

Offline playlists are encrypted by Spotify. Presumably this change means that the encryption keys used by Spotify to store offline data were compromised.

Actually, it looks like the "upgrade" is actually a new app entirely, so it's probably just that since it's a new app, the offline data has to be regenerated.

That makes sense to me, as it's unusual to make such a public announcement when just one user's data has been compromised and it didn't include any personal or payment information. It sounds like something Spotify are worried about that likely won't harm actual users, and media theft seems like a decent conclusion.

Or someone got hold of the crypto keys they use to sign all comms to the dl server, and they embed the key in the apk.

If that was the case I don't think they would bother writing that blog post. Why on earth would a user 'care' about another user 'stealing his digital media', when it's just 'songs' that are not even owned, but basically 'rented' on a monthly fee?