STOCKHOLM, Sweden. (Hypebot) –
More than a million users of EU based online music service Spotify had the passwords and other sign up info compromised.
"Last week we were alerted to a group that managed to compromise our protocols. After investigating we concluded that this group had gained access to information that could allow rapid testing of password guesses, possibly finding the right one. The information was exposed due to a bug that we discovered and fixed on December 19th, 2008. Until last week we were unaware that anyone had had access to our protocols to exploit it.
Along with passwords, registration information such as your email address, birth date, gender, postal code and billing receipt details were potentially exposed. Credit card numbers are not stored by us and were not at risk. All payment data is handled by a secure 3rd party provider.
If you have an account that was created on or before December 19th, 2008, we strongly suggest that you change your password and strongly encourage you to change your passwords for any other services where you use the same password.