Spotify accounts probably hacked!


Nice Hand GG

The hackers then probably managed to get hold of a large number of passwords as well as information about users' addresses, gender and dates of birth, the staff write on the blog. Credit card numbers are, however, not supposed to have leaked.
Spotify is now urging all users who registered an account with them before December 19 last year to change their password.

Source: http://www.aftonbladet.se/nyheter/article4562242.ab

I can't get to Spotify's website right now... But jojje can :)


Dear Spotify user,

Last week we were alerted to a group that managed to compromise our protocols. After investigating we concluded that this group had gained access to information that could allow testing of a very large number of passwords, possibly finding the right one. The information was exposed due to a bug that we discovered and fixed on December 19th, 2008. Until last week we were unaware that anyone had had access to our protocols to exploit it.

Along with passwords, registration information such as your email address, birth date, gender, postal code and billing receipt details were potentially exposed. Credit card numbers are not stored by us and were not at risk. All payment data is handled by a secure 3rd party provider.

If you have an account that was created on or before December 19th 2008, we strongly suggest that you change your password and strongly encourage you to change your passwords for any other services where you use the same password.

When choosing your password we provide you with an indicator of the password strength to help you choose a good one. To change your password please visit your profile page on our website.

https://www.spotify.com/en/account/profile/

For the technically minded amongst you, the information that may have been exposed when our protocols were compromised is the password hashes. As stated, we never store passwords, and they have never been sent over the Internet unencrypted, but the combination of the bug and the group's reverse-engineering of our encrypted streaming protocol may have given outsiders access to individual hashes.

The hashes are salted, making attacks using rainbow tables unfeasible. Short or otherwise bad passwords could still be vulnerable to offline targeted brute-force or dictionary attacks on individual users, but you could not run attacks in parallel. Also, there has been no known breach of our internal systems. A complete user database has not been leaked, but until December 19th, 2008 it was possible to access the password hashes of individual users had you reverse-engineered the Spotify protocol and knew the username.

We are really sorry about this and hope you accept our apologies. We're doubling our efforts to keep the systems secure in order to prevent anything like this from happening again.

Regards,

The Spotify Team


Probably the development of that thing is what made it possible: http://despotify.se/

But otherwise it seems fairly calm, if you have reasonably sensible password handling:

For the technically minded amongst you, the information that may have been exposed when our protocols were compromised is the password hashes. As stated, we never store passwords, and they have never been sent over the Internet unencrypted, but the combination of the bug and the group's reverse-engineering of our encrypted streaming protocol may have given outsiders access to individual hashes.

The hashes are salted, making attacks using rainbow tables unfeasible. Short or otherwise bad passwords could still be vulnerable to offline targeted brute-force or dictionary attacks on individual users, but you could not run attacks in parallel. Also, there has been no known breach of our internal systems. A complete user database has not been leaked, but until December 19th, 2008 it was possible to access the password hashes of individual users had you reverse-engineered the Spotify protocol and knew the username.

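The notice's point about salting, as an added example (not part of the thread and not Spotify's code): with per-user salts a single precomputed table matches nothing, every guess has to be rehashed for each account, and a strong password is found by neither check. The SHA-256 scheme, usernames, passwords and wordlist are assumptions constructed for illustration; the notice does not say which hash Spotify used.

```python
import hashlib
import os

# Constructed sample data: usernames, passwords and wordlist are made up.
USERS = {"alice": "summer09", "bob": "summer09", "carol": "T7#qv!Lz0p@Wm"}
WORDLIST = ["123456", "password", "summer09", "qwerty"]

def h(password: str, salt: bytes = b"") -> str:
    # Illustrative scheme (assumption): SHA-256 over salt || password.
    return hashlib.sha256(salt + password.encode()).hexdigest()

def store_unsalted(users):
    # Same password -> same digest for every user.
    return {u: h(p) for u, p in users.items()}

def store_salted(users):
    # A fresh random salt per user; the salt is stored next to the digest.
    out = {}
    for u, p in users.items():
        salt = os.urandom(16)
        out[u] = (salt, h(p, salt))
    return out

def table_lookup(digests, wordlist):
    """One precomputed table is built once and checked against every record."""
    table = {h(w): w for w in wordlist}
    hits = {u: table[d] for u, d in digests.items() if d in table}
    return hits, len(wordlist)          # work does not grow with the user count

def per_user_check(records, wordlist):
    """Salted records: each guess must be rehashed with each user's own salt."""
    hits, work = {}, 0
    for u, (salt, digest) in records.items():
        for w in wordlist:
            work += 1
            if h(w, salt) == digest:
                hits[u] = w
                break
    return hits, work                   # work grows with users x guesses

if __name__ == "__main__":
    unsalted, salted = store_unsalted(USERS), store_salted(USERS)
    print("unsalted, one table:", table_lookup(unsalted, WORDLIST))
    bare = {u: d for u, (_, d) in salted.items()}
    print("salted, same table: ", table_lookup(bare, WORDLIST))
    print("salted, per user:   ", per_user_check(salted, WORDLIST))
```

In both stores only the weak, shared password is recovered; the salt removes the shortcut of one table for all accounts, not the need for a strong password.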

Yes, exactly. I think it sounds like the best possible - realistic - way to lose passwords, sort of.

That said, I have already changed my pw even though my old one was unique and contained a mix of lowercase and uppercase letters, digits and special characters. Doesn't hurt to be safe!

Yeah, me too... you should change it at regular intervals anyway; the advantage of "decent password handling" is that you have time to change it even if someone has got hold of the hashes, without having to start panic-changing accounts with the same/easy passwords.

+ the fact that it doesn't always become known that someone has got hold of the hashes. E.g. if the main purpose is financial, you don't spread that kind of information so that others can ruin it for you...

Updated security notice

March 4, 2009

It seems that there is some confusion about who may be at risk due to the recently communicated leak of information that could be used to guess some user’s password. To clarify, your password is at risk only if all of the following apply:

  • You had a Spotify account before December 19th, 2008
  • You have not changed your password since December 19th, 2008
  • You have a weak password
  • Someone from a small group of people asked our servers specifically to see your account details before that date
  • Someone from the same small group decided to put computation time towards guessing your password

If your Spotify account was created before December 19th, 2008 you should have received an email about the issue by now, assuming that the email address you stated when registering the account was correct.

btw, go do your duty: delete the annoying stuff and add your favorites :)
