Jump to content
Newcastle-Online

SPOTIFY

Skirge

by Skirge
in Chat

 Share

Recommended Posts

Guest LucaAltieri

Guest LucaAltieri

Posted
Posted

Yeah, there was a thread on this a while ago.

 

Nice bit of software, but they need to get the rights to more world music.

 

A few months back I could get a load of foreign music, now it's all restricted based on where you are in the world.

 

This sort of thing will only work if there are few restrictions.

 

Link to post
Share on other sites
nkcgd

nkcgd

Posted
Posted

Anyone else get this?

 

Dear Spotify user,

 

Last week we were alerted to a group that managed to compromise

our protocols. After investigating we concluded that this group

had gained access to information that could allow testing of a

very large number of passwords, possibly finding the right one.

The information was exposed due to a bug that we discovered and

fixed on December 19th, 2008. Until last week we were unaware

that anyone had had access to our protocols to exploit it.

 

Along with passwords, registration information such as your email

address,birth date, gender, postal code and billing receipt

details were potentially exposed. Credit card numbers are not

stored by us and were not at risk. All payment data is handled

by a secure 3rd party provider.

 

If you have an account that was created on or before December 19th 2008,

we strongly suggest that you change your password and strongly

encourage you to change your passwords for any other services

where you use the same password.

 

When choosing your password we provide you with an indicator of

the password strength to help you choose a good one. To change

your password please visit your profile page on our website.

 

https://www.spotify.com/en/account/profile/

 

For the technically minded amongst you, the information that may

have been exposed when our protocols were compromised is the

password hashes. As stated, we never store passwords, and they

have never been sent over the Internet unencrypted, but the

combination of the bug and the group's reverse-engineering of

our encrypted streaming protocol may have given outsiders access

to individual hashes.

 

The hashes are salted, making attacks using rainbow tables unfeasible.

Short or otherwise bad passwords could still be vulnerable to

offline targeted brute-force or dictionary attacks on individual

users, but you could not run attacks in parallel. Also, there

has been no known breach of our internal systems. A complete user

database has not been leaked, but until December 19th, 2008 it was

possible to access the password hashes of individual users had

you reverse-engineered the Spotify protocol and knew the

username.

 

We are really sorry about this and hope you accept our apologies.

We're doubling our efforts to keep the systems secure in order

to prevent anything like this from happening again.

 

Regards,

The Spotify Team

Link to post
Share on other sites
Decky

Decky

Posted
Posted

 

User info stolen from music site

Spotify logo

More than 250,000 people in Britain have signed up to the service

 

The music streaming service Spotify has been targeted by hackers.

 

The Swedish company says people's personal details, including e-mail addresses, dates of birth and addresses, were all stolen.

 

However, it is thought credit-card details, which were handled by a third party, have remained secure.

 

Spotify has apologised for the security lapse and advised users who registered on the site before 19 December 2008 to change their passwords.

 

It is thought hackers gained access to user data at the end of 2008, although the security breach only came to light at the end of last week.

 

In the dark

 

Spotify's communications manager, Jim Butcher, told BBC News the company had only become aware of the attack after receiving a message from the hackers.

 

"We haven't had direct contact, it's all via third-party sources, so we don't know who they are and we don't know where they are from.

 

"This wasn't some kid playing on a computer, someone has spent hundreds of hours looking to hack into our system."

 

"We're still trying to find out the reasons they actually hacked our site, so it's difficult for me to say what they want at the present time."

 

Rory Cellan-Jones

 

Rory Cellan-Jones on Spotify

 

Launched in 2006, Spotify has more than one million registered users.

 

Instead of receiving a pay-per-download service, users can access the music for free, with tunes interrupted by advertising, or they can pay £10 a month for an ad-free service.

 

It is thought there are more than 250,000 users registered in the UK, but Spotify stressed that the number of compromised accounts was small.

 

"We think about 10,000 accounts [could be] at risk, although we are 95% sure it is a fraction of that," said Mr Butcher.

 

In a blog posting, the company explained how the hack actually took place.

 

"The information that may have been exposed when our protocols were compromised is the password hashes [codes].

 

"As stated, we never store passwords, and they have never been sent over the internet unencrypted, but the combination of the bug and the group's reverse-engineering of our encrypted streaming protocol may have given outsiders access to individual hashes."

 

The company has apologised for the security lapse and promised users that it was making efforts to ensure the hack was not repeated.

 

http://news.bbc.co.uk/1/hi/technology/7925455.stm

Link to post
Share on other sites
  • 2 months later...
Lenny

Lenny

Posted
Posted

McAfee seems to be quarentining Spotify finding IRCbot.gen.z. Seems to only be McAfee that's picking it up though.

 

I didn't have a clue what was going on this morning when I got in and tried to launch it, it had just disappeared.

Link to post
Share on other sites
ikri

ikri

Posted
Posted

McAfee seems to be quarentining Spotify finding IRCbot.gen.z. Seems to only be McAfee that's picking it up though.

 

I didn't have a clue what was going on this morning when I got in and tried to launch it, it had just disappeared.

 

McAfee have admitted to having fucked up yesterday's virus definitions but have promised to have a fix for it out at some point today.

 

McAfee has been made aware that some users are experiencing an issue with Spotify. A fix will be provided in today's regular signature file update. McAfee would like to apologise to any customers affected by this issue and reassure them that this is being addressed as a matter of urgency.

Link to post
Share on other sites
Crumpy Gunt

Crumpy Gunt

Posted
Posted

Anyone having trouble with McAfee blocking Spotify?

 

 

I've had Spotify on my comp for about 5/6 weeks now with no problems so I'm assuming a recent update of McAfee has done something to stop this from being used.

Link to post
Share on other sites
Pilko

Pilko

Posted
Posted

Crumpy:

 

McAfee has been made aware that some users are experiencing an issue with Spotify. A fix will be provided in today's regular signature file update. McAfee would like to apologise to any customers affected by this issue and reassure them that this is being addressed as a matter of urgency.

 

Link to post
Share on other sites
Crumpy Gunt

Crumpy Gunt

Posted
Posted

Crumpy:

 

McAfee has been made aware that some users are experiencing an issue with Spotify. A fix will be provided in today's regular signature file update. McAfee would like to apologise to any customers affected by this issue and reassure them that this is being addressed as a matter of urgency.

 

 

Ah reet. Cheers.

Link to post
Share on other sites
  • 2 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...