According to a statement from Spotify, passwords, registration information such as your email address, birth date, gender, postal code and billing receipt details were potentially exposed.
Spotify was quick to let people know that they do not keep credit card numbers. This means that at least subscriber credit cards were safe.
Read more here.
It said that the bug in the system was spotted and fixed shortly before Christmas, meaning that only users who signed up before December 19 could be affected. It is not clear how many people were using the service at that time, since Spotify was still an invitation-only service and has grown more rapidly in the subsequent months.
It is a troubling moment for Spotify, which is based in Sweden and London, and has been hailed by some as the future of online music.
The service has grown rapidly in recent weeks after it opened its doors to allow anyone from Britain to sign up. As a result, the company now boasts more than a million users across Europe, with an estimated 250,000 in the UK alone.