Data from early users put at risk.
So it seems Spotify can do wrong after all…
The potentially industry-changing music app today ran into its first significant piece of bad PR: a major user data security failure. Speaking candidly on its blog, Spotify has admitted:
“Last week we were alerted to a group that managed to compromise our protocols. After investigating we concluded that this group had gained access to information that could allow rapid testing of password guesses, possibly finding the right one. The information was exposed due to a bug that we discovered and fixed on December 19th, 2008. Until last week we were unaware that anyone had had access to our protocols to exploit it.”
Users most at risk are those who signed up before 19 December, with data at risk from the hack including email addresses, birth dates, gender, post codes and billing receipts. Wisely, credit card information isn’t stored by Spotify (it employs a third party), so thankfully there’s no issue there. Spotify strongly recommends pre-19 December users change their passwords asap.
As with the Gmail outage, reaction around the Internet to this development has spiralled ridiculously out of control. Yes, it is disappointing, but unfortunately it is also something to which virtually every major service has fallen victim at one point or another, and it doesn’t change the fact Spotify provides a truly brilliant, industry-advancing solution.
Ho hum. Welcome to the big leagues, Spotify…