Spotify's revelations last night that its password hashes had been stolen has given rise to a number of comments online which has led the free online service to issue an update to its original post.
Earlier today, the BBC and a number of other websites have reported that Spotify reported that "people's personal details, including e-mail addresses, dates of birth and billing addresses, were all stolen" while the Press Association claims that the music website admitted that "the personal details of 10,000 members may have been stolen by hackers."
As of 13:00, Spotify had yet to publish a post saying that users' details had been stolen. The updates security notice, published yesterday night, sets the record straight and tries to clear out the confusion that arose from the noise surrounding the incident. Spotify clearly says that a user password is at risk only if ALL of the following happens.
The user had a Spotify account before December 19th, 2008 AND has not changed your password since December 19th, 2008 AND used a a weak password. Furthermore, someone from a small group of people (the hackers) must have asked Spotify's servers specifically to see the account details before that date AND someone from the same small group decided to put computation time towards guessing that password.
To make things worse, Spotify's servers seemed to have been overloaded yesterday night with user requests as everyone tried to access the website to change their details. The company based in Sweden apparently has more than 250,000 Users in the UK, roughly 25 percent of its total user base.
Go To Page 2 for our comments and more related links
Here's what ITWire says about the whole ruckus, something which we strongly support. "So, sure, let's give Spotify a spanking for allowing this to happen but let's not crucify them on a cross of media misunderstanding. Now if you want to get the crown of thorns out for the potential misuse of that other personal information mentioned, that's a different story altogether."
(The H Security)