This time we may need to drop the word "web" and classify this incident only as "application security". Spotify is a new radio-like music streaming service from Sweden. A weakness in Spotify's streaming protocols enables hackers to gain access to users' encrypted passwords, email addresses, birth dates, genders, postal codes and billing receipts.
An interesting aspect of this incident is that while the vulnerability was discovered and fixed on December 19th, the fact that it had actually been exploited was discovered only in March 2009. Companies often report that a vulnerability was found on their site but that they are not aware of any exploitation of it. As this incident shows, even if the company is not aware of one, there is a chance that the vulnerability was exploited.