Just when it was all going so well for Spotify, with a million users signed up and adulatory reviews in every media outlet going, the streaming music firm has revealed a dangerous security breach on its servers. In a blog post, the company says its protocols were compromised last week by a group that got access to information that “could allow testing of a very large number of passwords, possibly finding the right one”. It’s due to a bug that was found and fixed in December, but Spotify hadn’t realised that anyone could exploit it.”Along with passwords, registration information such as your email address, birth date, gender, postal code and billing receipt details were potentially exposed,” says the company. “Credit card numbers are not stored by us and were not at risk. All payment data is handled by a secure 3rd party provider. If you have an account that was created on or before December 19th, 2008, we strongly suggest that you change your password and strongly encourage you to change your passwords for any other services where you use the same password.”The company has apologised to users, and says it’s ramping up its security efforts. Whether the news causes some of those million users to quit the service remains to be seen, though.One comment on Spotify’s blog post has linked the news to an open-source Spotify client called Despotify, but as yet there’s no proof that this is the protocol breach referred to. Last week, Despotify was blocked for users on free or daypass accounts, although it still works for premium users.