Short snippet from the Spotify blog. It’s time to change your password my friends.
Dear Spotify user,
Last week we were alerted to a group that managed to compromise our protocols. After investigating we concluded that this group had gained access to information that could allow testing of a very large number of passwords, possibly finding the right one. The information was exposed due to a bug that we discovered and fixed on December 19th, 2008. Until last week we were unaware that anyone had had access to our protocols to exploit it.
Not cool Spotify, not cool. Not good for PR or security online either for that matter.