Spotify, the Swedish internet radio service, has revealed that hackers have gained access to the login details and passwords of its users.
The service, which is thought to have around a million users worldwide, allows music fans to create a playlist of songs from Spotify's catalogue. They can also create 'collaborative' playlists, which are assigned their own web addresses, and can then be added to by other Spotify listeners. The tracks are broadcast in a style similar to commercial radio, in that they are peppered with adverts.
Users can also get ad-free listening for 99p per day, while a £10 monthly subscription ensures they never hear an advert again.
In a blog, Spotify said: "The information was exposed due to a bug that we discovered and fixed on December 19th, 2008. Until last week we were unaware that anyone had had access to our protocols to exploit it".
Spotify said users that signed up before December 19 were likely to be affected and should change their passwords immediately, especially if the same password is used on another web-based service such as online banking.
"When choosing your password we provide you with an indicator of the password strength to help you choose a good one," Spotify said.
The music service also reassured users that their credit-card details were not at risk. "Credit card numbers are not stored by us and were not at risk. All payment data is handled by a secure 3rd party provider."
"We're doubling our efforts to keep the systems secure in order to prevent anything like this from happening again," added Spotify.