I just received a mail from Spotify about a security issue:
Along with passwords, registration information such as your email
address,birth date, gender, postal code and billing receipt
details were potentially exposed. Credit card numbers are not
stored by us and were not at risk. All payment data is handled
by a secure 3rd party provider.
Oh well. At least they hashed our passwords and secured the credit card transactions. All in all, I think they've handled themselves very well. Kudos for being so up front about this as well.