Stephen says Napster sent him an email with his username and password because his subscription was about to expire. Upset by what he saw as an unsolicited violation of his privacy, he complained to the music service and got a response that assured him his “private information is safe.”
Recently I’ve had some issues with Napster’s security on their website and through emails they’ve sent. For the past three months, I have had a 3-month subscription to Napster’s online streaming service. Napster sent me what I thought was going to be a kind reminder of the end of my subscription. However, once I received and read the email, I was appalled at what I saw. The email told me my subscription had ended and that I should renew or buy a subscription. I looked to the right of this and saw where they had sent me my username and password explicitly in the email. The password was clear as day in the email and anyone who could have seen this on my screen at the time or anyone who had access to my email would have been able to see my password.
I see this as a huge security issue. I did not ask for my password, therefore I did not give them my consent to send it to me.
In addition to this, after last week’s huge news story about the Firefox extension, Firesheep, I noticed that Napster does not have a “secure” website. There is no SSL encryption on their website login. Anyone who would log in to Napster on an open network would be vulnerable to someone seeing their password and going on a music shopping spree or just stealing personal and financial information.
Both of these are major issues to me and I would like something to be done about it. I’d love for some attention to be brought to this to make Napster make some changes quickly. I was actually about to purchase 6 more months of service, but after learning of these security flaws, I will be taking my business elsewhere until changes are made.
Here’s the response I received from Napster about this issue:
Thanks for contacting Napster Customer Support.
We appreciate your feedback, comments and suggestions. Your suggestions have been forwarded to our Product Development group for consideration in a future release.
Thanks for using Napster!
This mode of operation would be a lot more alarming if it came from a bank, but Stephen’s concern seems legitimate. We’ll keep you posted if we hear Napster decides to keep its users’ passwords to itself until they ask the company to send them.