Spotify made an unsettling announcement today: the digital music-streaming company had been hacked. In an urgent blog post, Spotify CTO Oskar Stål told users it had discovered unauthorized access to its systems, and explained that it was investigating. Spotify said it would urge certain users to change their passwords, and encouraged Android users to follow prompts to upgrade their accounts over the next few days.

The response to the hack appeared quick and conscientious. But there’s one odd thing: Spotify only reported one person affected by the hack.

“Our evidence shows that only one Spotify user’s data has been accessed and this did not include any password, financial, or payment information. We have contacted this one individual. Based on our findings, we are not aware of any increased risk to users as a result of this incident,” Stål wrote.

A Spotify spokesperson told the Daily Dot the company does not plan to comment beyond the blog post. The response to the hack implies that the company at the very least believes its Android users to be vulnerable beyond the one person confirmed to be impacted, but since there aren’t any details available, it’s not clear how big the potential reach of it is.

Last week, hackers broke into eBay’s employee accounts, taking information from an unspecified number of users. Like Spotify, eBay insisted there was no evidence of unauthorized access to users’ account information. Also like Spotify, it urged users to change their passwords.

After the Heartbleed bug left around two-thirds of the Web vulnerable to eavesdropping, it affected many major services, from Yahoo to Canada’s online tax filing system. Coupled with a slew of other (non-Heartbleed major) hacks, from Target’s credit card data hemorrhage, Snapchat’s phone number leak, it’s clear there’s no digital service entirely safeguarded against attacks. There are common sense steps users can take to avoid a breach, like choosing a strong password, but part of the deal about using the Internet is understanding that there’s a chance your information could get swiped. That’s not how it should be, but it’s how it is. And while there’s no need to panic about a Spotify hack that the company is clearly attempting to nip in its data-leaching bud, at this point, changing your password when a company tells you to isn’t a wise idea as much as it is a non-stupid one.

Illustration via Jason Reed