Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Spotify data breach avoidable

CyberArk Software : 09 March, 2009  (Technical Article)
Recent hack on the Spotify music portal could have been avoided with greater care of data security according to Cyber-Ark
Cyber-Ark says that this week's major hack of the Spotify music portal, which was only launched in the UK quite recently, could easily have been avoided.

'Spotify's business model is to offer music for free, in return for user credentials and ads being played on a regular basis, but it should not have launched in the UK knowing its security systems were not up to scratch,' said Mark Fulbrook, Cyber-Ark's UK and Ireland Director.

'Had the company protected the personal data of its customers, which included the names, birth dates, post codes and other information, perhaps using a data vaulting technology, then this public relations fiasco would not have happened,' he added.

The only piece of good news, he went on to say, is that because premium account payment card details are handled by an external company, this data remains intact.

Fulbrook is also critical of the way that Spotify has handled the data breach. Unlike in the US, where companies are legally bound to notify their customers of a data breach, no such legal requirement yet exists in the UK, although companies have a moral duty to do so, he noted.

Yes, he says, Spotify is a free-to-use service, but the fact that it has effectively treated its customers - who are central to its business model - with disdain, is not a positive sign.

'All that Spotify has done is to make a series of postings advising customers to change their passwords. Sure, the company claims it is reinforcing its security, but his is like locking the door after the horse has bolted,' he said.

'The security faux pas that caused Spotify's data breach and consequent public relations fiasco, should have been sorted during the testing phase, and not so soon after the service's UK commercial launch. What a fiasco,' he added.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo