05 Mar 2009
Online music service Spotify has become the latest web firm to suffer a major hack, after revealing yesterday that criminals may have accessed user registration details.
The company said in a security notice on the site that it had been "alerted to a group that managed to compromise our protocols", and could have stolen passwords, email addresses, birth dates, gender details, post codes and billing receipt information.
Credit card details are safe, according to Spotify, as payment is handled by a third party provider.
"After investigating, we concluded that this group had gained access to information that could allow rapid testing of password guesses, possibly finding the right one," read the security notice.
"The information was exposed due to a bug that we discovered and fixed on 19 December 2008. Until last week, we were unaware that anyone had had access to our protocols to exploit it."
Spotify is urging users who signed up before 19 December to change their passwords for the site, and for any other services where they have used the same passwords.
Graham Cluley, senior technology consultant at Sophos, warned in a blog post that too many people use the same password on every web site they access.
"That's the real story here," he said. "If just one web site has a security blunder, all of your online information may be at risk."
Simon McCready, a partner in the media team at consultancy Deloitte, argued that date of birth and partial address details could be sufficient information to commit identity theft and obtain a credit card fraudulently.
"Users who have given their personal information in return for free music may not see security as a priority," he added. "Users also need to be wary of 'phishing' emails from the hackers seeking additional information after this initial loss."
Misleading
This article is grossly misleading. There's no evidence anything was hacked. There is the fact, however, that there was a security issue. That's quite the difference. About as big as the difference between sensationalism and journalism.
Posted by: Sune 03 Apr 2009
crucial info we need on this article
We need to be told what the bug was, how they found it and what the hackers used so that other businesses can look for this hole and fix it! Whenever companies get hacked we need this info as a priority. Also, what security software were they using? We need to be able to figure out how to stop our sites being compromised. If we all share this info our businesses will be much safer for customers.
Posted by: davec sore 05 Mar 2009