Security woes hit Spotify music service

Music service Spotify is the latest web darling to be hit by a security attack.

It's a popular, up-and-coming web service, so the time seems right for the bad guys to keep Spotify grounded by hitting it with a security breach.

Just days after signing up its millionth user, Spotify admitted that its security had been bypassed, with user information such as email, birth date, gender, post code and billing receipt details potentially open to hackers. Payment data such as credit card numbers are not held by the company, so were not at risk, it said.

The music service was alerted last week that its protocols had been compromised, allowing rapid testing of passwords. "The information was exposed due to a bug that we discovered and fixed on December 19th, 2008. Until last week we were unaware that anyone had had access to our protocols to exploit it," Spotify's chief technology officer Andreas Ehn wrote in the service's official blog.

Spotify was quick to clarify that the only users at risk were those with a weak password who signed up before 19 December last year and had not changed their password since that date. Any user fitting that description was sent a warning email and advised to change their password.

The compromised data consisted of password hashes. Until that bug was fixed, "it was possible to access the password hashes of individual users had you reverse-engineered the Spotify protocol and knew the username."

"We are really sorry about this and hope you accept our apologies. We're doubling our efforts to keep the systems secure in order to prevent anything like this from happening again," Ehn wrote.

The Spotify attack follows security breaches at Facebook and Twitter.
