Security hole threatens MP3 users' personal data

A security hole in the popular Morpheus peer-to-peer client could expose the personal details of millions of file-swappers

MP3 fans using the Morpheus file-swapping service risk having their personal details exposed online, according to security experts.

Morpheus in now the most popular file-swapping service on the Internet. The security hole means that the personal details of millions of people are now at risk of exposure. According to the Web site of MusicCity -- the company that created Morpheus -- more than nine million copies of the client have been downloaded.

MusicCity Networks could not be contacted for comment.

A new security hole has been discovered in the peer-to-peer file-sharing application, which allows a random list to be generated of people using the service. A malicious hacker could then access the computers of those users and copy files from anywhere on their hard disk. Usually, Morpheus only allows access to files placed in a specific folder, like other peer to peer file-sharing clients.

The privacy risk was reported to BBC News Online by a group of security experts, who are choosing to remain anonymous. They have described the exploit as "very dangerous", and have warned that this could make every Morpheus user's computer available to anyone who wants to access it.

The Morpheus peer-to-peer application allows users to search for digital media, such as music and videos, on the MusicCity network. The service also allows content providers to deploy third-party digital rights management technology to protect their copyright works. This protects the copyrights of artists involved, and has helped it to prevent a Napster-style shutdown.


See the MP3 News Section for the latest on everything from MP3 players to Napster and the other music swapping services.

Have your say instantly, and see what others have said. Go to the Napster Debate.

Let the editors know what you think in the Mailroom.