BBC news: http://news.bbc.co.uk/2/hi/technology/7925455.stm
>From the spotify blog (http://www.spotify.com/blog/): For the technically minded amongst you, the information that may have been exposed when our protocols were compromised is the password hashes. As stated, we never store passwords, and they have never been sent over the Internet unencrypted, but the combination of the bug and the groupâs reverse-engineering of our encrypted streaming protocol may have given outsiders access to individual hashes. The hashes are salted, making attacks using rainbow tables unfeasible. Short or otherwise bad passwords could still be vulnerable to offline targeted brute-force or dictionary attacks on individual users, but you could not run attacks in parallel. Also, there has been no known breach of our internal systems. A complete user database has not been leaked, but until December 19th, 2008 it was possible to access the password hashes of individual users had you reverse-engineered the Spotify protocol and knew the username. We are really sorry about this and hope you accept our apologies. Weâre doubling our efforts to keep the systems secure in order to prevent anything like this from happening again. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-community/message.cfm/messageid:290638 Subscription: http://www.houseoffusion.com/groups/cf-community/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.5
