
Security woes hit Spotify music service

Music service Spotify is the latest web darling to be hit by a security attack.

It's a popular, up-and-coming web service, so the time seems right for the bad guys to keep Spotify grounded by hitting it with a security breach.

Just days after signing up its millionth user, Spotify admitted that its security had been bypassed, with user information such as email, birth date, gender, post code and billing receipt details potentially open to hackers. Payment data such as credit card numbers are not held by the company, so were not at risk, it said.

The music service was alerted last week that its protocols had been compromised, allowing rapid testing of passwords. "The information was exposed due to a bug that we discovered and fixed on December 19th, 2008. Until last week we were unaware that anyone had had access to our protocols to exploit it," Spotify's chief technology officer Andreas Ehn wrote in the service's official blog.

Spotify was quick to clarify that the only users at risk were those with a weak password who signed up before 19 December last year and had not changed their password since that date. Any user fitting that description was sent a warning email and advised to change their password.

The compromised data consisted of password hashes. Until that bug was fixed, "it was possible to access the password hashes of individual users had you reverse-engineered the Spotify protocol and knew the username."

"We are really sorry about this and hope you accept our apologies. We're doubling our efforts to keep the systems secure in order to prevent anything like this from happening again," Ehn wrote.

The Spotify attack follows security breaches at Facebook and Twitter.
