Wednesday, March 04, 2009

Hackers Break In To Spotify

Bobbi Johnson writes on The Guardian:

Much-vaunted online music service Spotify has been dealt a blow, after revealing that thousands of users' personal details may have been stolen by hackers.

According to an announcement by the service – which now has more than a million users worldwide – a group of computer criminals found a loophole in the program that gave them access to some users' passwords.

Although the passwords are encrypted, Spotify confirmed that they were still potentially vulnerable to a so-called "brute force" attack to try and guess them.

"Along with passwords, registration information such as your email address, birth date, gender, postal code and billing receipt details were potentially exposed," the company said. "Credit card numbers are not stored by us and were not at risk."

It said that the bug in the system was spotted and fixed shortly before Christmas, meaning that only users who signed up before December 19 could be affected. It is not clear how many people were using the service at that time, since Spotify was still an invitation-only service and has grown more rapidly in the subsequent months.

It is a troubling moment for Spotify, which is based in Sweden and London, and has been hailed by some as the future of online music.

More here.


Post a Comment

<< Home