Spotify, the fab online music service, has been hit by hackers.
In a mail just sent out to Spotify users, they reveal that the Spotify protocol – the method they use to transfer music to subscribers – has been compromised by a hacking group.
Spotify say, “we concluded that this group had gained access to information that could allow testing of a very large number of passwords, possibly finding the right one.”
The advice from Spotify? “If you have an account that was created on or before December 19th 2008, we strongly suggest that you change your password and strongly encourage you to change your passwords for any other services where you use the same password.”
There’s some reassurances available from Spotify, “A complete user database has not been leaked, but until December 19th, 2008 it was possible to access the password hashes of individual users had you reverse-engineered the Spotify protocol and knew the username.”
After such success with the product, this must be hitting Spotify pretty hard. In an email to users they tell subscribers that they’re “doubling our efforts to keep the systems secure in order to prevent anything like this from happening again.”