Your Spotify account details -- including passwords, email address and billing receipts -- may have been stolen, after the streaming music service reported its security was compromised and exploited by hackers.
"The information was exposed due to a bug that we discovered and fixed on 19 December 2008," Spotify revealed on its official blog. "Until last week we were unaware that anyone had had access to our protocols to exploit it."
Spotify says users' credit card details were not revealed to hackers, as these are processed by an unaffected third-party credit card company.
Only users who signed up to Spotify before 19 December 2008 are at risk, and changing your password would not be the worst idea at this point. Exactly who is at risk has been laid out in a separate article on the Spotify blog.
This won't go down as the worst data breach ever, a record which currently goes to the 11 prosecuted hackers who stole the credit card details of up 100 million TK Maxx shoppers last year. But it's a severe blow for the start-up after several months of rapid growth and positive press.