Spotify user details compromised in major hack

Online music service warns its million-plus users to change their passwords

Phil Muncaster

Online music service Spotify has become the latest web firm to suffer a major hack, after revealing yesterday that criminals may have accessed user registration details.

The company said in a security notice on the site that it had been "alerted to a group that managed to compromise our protocols", and could have stolen passwords, email addresses, birth dates, gender details, post codes and billing receipt information.

Credit card details are safe, according to Spotify, as payment is handled by a third party provider.

"After investigating, we concluded that this group had gained access to information that could allow rapid testing of password guesses, possibly finding the right one," read the security notice.

"The information was exposed due to a bug that we discovered and fixed on 19 December 2008. Until last week, we were unaware that anyone had had access to our protocols to exploit it."

Spotify is urging users who signed up before 19 December to change their passwords for the site, and for any other services where they have used the same passwords.

Graham Cluley, senior technology consultant at Sophos, warned in a blog post that too many people use the same password on every web site they access.

"That's the real story here," he said. "If just one web site has a security blunder, all of your online information may be at risk."

Simon McCready, a partner in the media team at consultancy Deloitte, argued that date of birth and partial address details could be sufficient information to commit identity theft and obtain a credit card fraudulently.

"Users who have given their personal information in return for free music may not see security as a priority," he added. "Users also need to be wary of 'phishing' emails from the hackers seeking additional information after this initial loss."
