Online music service Spotify has revealed that thousands of users’ personal details may have been stolen by hackers. The service allows registered users instant access to a huge catalog of music, picking any track they choose to stream directly over the internet to their computer. The company serves more than a million users across Europe, with an estimated 250,000 in the UK alone.
According to an announcement by the service, a group of computer criminals found a loophole in the program that gave them access to some users’ passwords. Although the passwords are encrypted, Spotify confirmed that they were still potentially vulnerable to a so-called “brute force” attack to try and guess them.
“Along with passwords, registration information such as your email address, birth date, gender, postal code and billing receipt details were potentially exposed,” the company said. “Credit card numbers are not stored by us and were not at risk.”
It said that the bug in the system was spotted and fixed shortly before Christmas, meaning that only users who signed up before December 19 could be affected. It is not clear how many people were using the service at that time, since Spotify was still an invitation-only service and has grown more rapidly in the subsequent months.
No comments were made by the company regarding the breach.
More on CyberInsecure: