, the online music streaming service, said it has implemented ‘more rigorous’ security for customer account passwords in the wake of reports that some of those passwords had been leaked online. 

In a post on the company’s website, said that its investigation of reports that hashed (or encrypted) passwords for accounts were among those found on a Russian website this week wasn’t complete but was “important enough to act on,” and reiterated its request that all users change their account password, along with the password on any other sites where they reused it. The company also said it had taken additional steps to secure password data, though it did not go into detail about what those steps were.

“All the updated passwords since yesterday afternoon have been secured with a more rigorous method for user data storage,” the company said. would be “redoubling our efforts to protect our users’ data” going forward, according to the post.

Little is known about how the passwords were stored or how they were ultimately obtained by hackers. Statements from and, which also suffered breaches, have revealed security flaws in the way those companies stored hashed password values within their back-end databases. In particular, LinkedIn relied on passwords that were hashed using a single pass through the SHA-1 hash algorithm and didn’t employ so-called “salts” to add complexity to the stored value. That has made it easy for hackers to match hashed values with known passwords up to a certain length.
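The difference between the unsalted single-pass SHA-1 storage described above and a salted, iterated scheme, shown as an added example that is not from the original article or from any company it mentions. PBKDF2-HMAC-SHA256, the iteration count, the function names and the sample accounts are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 200_000  # assumed work factor for this example; tune to your hardware

def unsalted_sha1(password):
    """Weak scheme from the article: one SHA-1 pass, no salt."""
    return hashlib.sha1(password.encode()).hexdigest()

def salted_pbkdf2(password, salt=None):
    """Hardened scheme: per-user random salt plus an iterated KDF."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + dk.hex()

def verify(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, _ = stored.split("$")
    candidate = salted_pbkdf2(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)

def shared_values(table):
    """Audit check: groups of accounts whose stored value is identical.
    Any group means one precomputed match exposes every account in it."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)

# Constructed sample accounts; alice and bob chose the same password.
USERS = {"alice": "letmein2012", "bob": "letmein2012", "carol": "Tr0ub4dor&3"}

def build_tables():
    weak = {u: unsalted_sha1(p) for u, p in USERS.items()}
    strong = {u: salted_pbkdf2(p) for u, p in USERS.items()}
    return weak, strong

if __name__ == "__main__":
    weak, strong = build_tables()
    print("unsalted SHA-1, accounts sharing a value:", shared_values(weak))
    print("salted PBKDF2, accounts sharing a value:", shared_values(strong))
    print("login still verifies:", verify("letmein2012", strong["alice"]))
```

Running `shared_values` over a credential table is a quick audit for missing salts: with per-user salts, identical passwords no longer produce identical stored values.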

An e-mail request sent to requesting information on the additional steps taken was not immediately returned.  


Comment (1)

  1. Goliath


    I have been a strong supporter of 2FA for some time now, and I wish these sites and ones like them would be more security conscious, not just say they are. They need to prove it by actions, not words. It would be great to see them, just as so many other leading companies in their respective verticals are doing by giving us the perfect balance between security and user experience and moving to the use of 2FA (two-factor authentication) whether mobile or other, as a form of a token where the user is asked to telesign into their account by entering a one-time PIN code which is delivered to your phone via SMS or voice. These organizations need to start being held responsible for their actions, and the only way that will happen is if we as users voice our opinion.

