Over the past few months the big craze has been around Spotify, a streaming music service that is ever growing in popularity. Their basic service is free, but ad-supported, and and allows you to listen to thousands upon thousands of tracks without paying. They also have various premium services to remove ads that are at different price rates.
It has just come to light that they have had a breach of security where users details such as email address, billing address, date of birth, etc. have been obtained through a vulnerability. Apparently they would not have been able to get hold of credit card details, but they have been able to get hold of hashes of the passwords. Whatever form of hash they use (such as MD5 which has been hacked in the past, or SHA) they were able to use these to gain access to accounts they also knew the usernames for.
The affected users are those who registered on the site before December 19th 2008 - which apparently only amounts to 10,000 are at risk of being compromised despite the fact the service has millions of users and has been running since 2006. Apparently although the issue with their protocol had been patched months ago it only came to light last week after the hackers supposedly contacted them via a third party announcing that it was a deliberate and targeted attack at Spotify.
