Spotify admits some passwords may be hackable

Apple iTunes online music rival Spotify has been hacked, potentially exposing the personal details of thousands of users.

This is the latest...

Apple iTunes online music rival Spotify has been hacked, potentially exposing the personal details of thousands...

of users.

This is the latest online service to be attacked by hackers. Online recruitment site revealed in January that hackers had stolen the details of 4.5million UK job seekers.

Spotify has notified users that hackers had accessed information that would enable them to crack passwords.

Although the passwords are encrypted, Spotify said they were potentially vulnerable to a "brute force" attack to guess them.

The security vulnerability was caused by a bug that was discovered and fixed on 19 December 2008, and all users who created an account on or before that date should change their password, Spotify said.

Registration information such as e-mail address, date of birth, gender, postal code and billing receipt details were potentially exposed.

Spotify said all payment information such as credit card numbers was secure as this information is handled by a third party.

The online music provider emphasised that there has been no known breach of its internal systems and that its user database has not been leaked.

"Until 19 December, 2008 it was possible to access the password hashes of individual users had you reverse-engineered the Spotify protocol and knew the username," Spotify said in a blog.

"We are doubling our efforts to keep the systems secure in order to prevent anything like this from happening again," the posting said.

Spotify is said to have more than one million users across Europe, including 250,000 in the UK.

The service allows users access to a list of tracks they can choose to stream over the internet to a computer.

An advertising-sponsored service is available for free, but users can sign up for an ad-free service for £10 a month.



Enjoy the benefits of CW+ membership, learn more and join.

Read more



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: