Cyber Incident Victim: Tidal
Date:
Feb 2016
Location:
Norway
Summary
Tidal investigated a potential data breach following allegations of inflated subscriber counts and manipulated streaming metrics for prominent albums, which the company vehemently denied as false claims and a smear campaign. The streaming service engaged an independent cybersecurity firm to conduct a thorough review of its systems, emphasizing its commitment to data security and integrity while disputing external reports that suggested targeted manipulation of specific content performance figures.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In early 2018, Tidal, the music streaming service owned by Jay-Z, initiated an investigation into a potential data breach following allegations of manipulated subscriber and streaming metrics. Reports surfaced from a Norwegian publication citing research by NTNU University, which claimed Tidal had inflated streaming numbers for two high-profile albums: Kanye West's "The Life of Pablo" and Beyoncé's "Lemonade." The analysis suggested targeted data manipulation affecting these specific releases, with discrepancies indicating artificial inflation of play counts. Tidal immediately denied these allegations, characterizing them as a "smear campaign" based on falsified information. The company specifically rejected accusations of subscriber count manipulation and disputed the methodology of the university's report. These allegations compounded existing skepticism about Tidal's reported growth metrics since its 2015 relaunch under Jay-Z's ownership.
In response to the allegations, Tidal announced on May 18, 2018, that it had engaged an independent third-party cybersecurity firm to conduct a comprehensive review of its systems and data integrity. CEO Richard Sanders emphasized the company's commitment to data security, stating the investigation aimed to reassure artists, employees, and subscribers about the platform's operational transparency. While maintaining that no breach had been confirmed, Tidal acknowledged strengthening its security measures and involving cybersecurity experts to assess potential vulnerabilities. The company simultaneously contested media portrayals of its executives as misleading, asserting these descriptions relied on outdated information. Throughout the incident, Tidal maintained its position that all streaming and subscriber data was accurate, attributing the controversy to misinterpreted data and competitive attacks against the platform. The investigation remained ongoing at the time of public disclosure, with no conclusive findings about breach occurrence or manipulation released publicly.