Davey Winder
Thursday, 05 March 2009 16:14
Users of the popular online music service Spotify are understandably worried by the news of a security breach that, according to many reports, has exposed passwords and sensitive information. But how accurate are those reports?
Millions of people have been enjoying free online music courtesy of an
ad-sponsored service operated by Spotify. That enjoyment has been cut
short for many with the news of a pretty serious security breach.
The BBC reports that hackers "had got their
sticky fingers all over its filing system" while others talk of
thousands of passwords being stolen.
Just about every report I have seen includes a quote from the official
announcement of the breach which mentions that along with passwords,
"registration information such as your email address, birth date, gender,
postal code and billing receipt details were potentially exposed."
Some reports even include the next line which states that "Credit card
numbers are not stored by us and were not at risk." However, most do
not seem to have bothered reading the entire Spotify statement or at
least have failed to comprehend it at all.
That statement confirms that the potential breach was first noticed
last week, and after investigation Spotify concluded that an unnamed
group had managed to compromise protocols courtesy of a vulnerability
discovered and fixed on December 19th 2008.
"Until last week we were unaware that anyone has had access to our
protocols to exploit it," a Spotify spokesperson by the name of Andres
admits. He also states that the information accessed "could allow rapid
testing of password guesses, possibly finding the right one."
Without wishing to undermine the seriousness of any security breach,
especially at an up and coming service with a high media profile and
which had just celebrated gaining its one millionth user, this breach
is not as bad as it is being painted in some quarters methinks.
So what exactly happened, and who exactly is at risk here? More on page 2...