Security and geoblocking

A long time ago, I had a Pandora account. Then, one day, they decided they could no longer offer service to someone in Switzerland, so they blocked access based on the geographical coordinates associated with my IP address (geoblocking). So I forgot about that service and my account until I received the following e-mail:

Dear Pandora listener:
As a precaution, we want to make you aware of a situation that could possibly affect your Pandora account.

First off, there is no evidence that your Pandora account has been compromised or tampered with in any way.

However, usernames and passwords that were breached from a service other than Pandora a few years ago were posted on the web recently.

In order to protect Pandora Listeners, our security teams have analyzed the data and found that your Pandora username was included in the list.

If you share passwords across services and haven’t updated them recently, and you haven’t already reset your Pandora password, you should do so now.

Of course I did not update my Pandora password recently, as I could not access my account. So I followed the link that asked me to change my password, which led me to a page telling me that:

Dear Pandora Visitor,

We are deeply, deeply sorry to say that due to licensing constraints, we can no longer allow access to Pandora for listeners located outside of the U.S., Australia and New Zealand. We will continue to work diligently to realize the vision of a truly global Pandora, but for the time being we are required to restrict its use. We are very sad to have to do this, but there is no other alternative.

We believe that you are in Switzerland (your IP address appears to be ███.███.███.███). If you believe we have made a mistake, we apologize and ask that you please email us.

If you have been using Pandora, we will keep a record of your existing stations and bookmarked artists and songs, so that when we are able to launch in your country, they will be waiting for you.

We will be notifying listeners as licensing agreements are established in individual countries. If you would like to be notified by email when Pandora is available in your country, please enter your email address below. The pace of global licensing is hard to predict, but we have the ultimate goal of being able to offer our service everywhere.

We share your disappointment and greatly appreciate your understanding.

Sincerely, Tim Westergren Founder

So I go back to the link, which leads me to a contact form. I write a message explaining the situation, and in response I get the following e-mail.

Hi Matthias,

Sorry for any trouble logging into your account.

I have reset your password to be: ██████████

Whenever you are back in an area where you can access Pandora, go to http://www.pandora.com from a computer, make sure to use your full email address (█████@██████.███) and the password, and click on ‘Log In.’

So the situation is now the following:

  • My Pandora account still contains personal information
  • My Pandora identifier was leaked
  • Access to my account is blocked to me
  • My password was sent unencrypted over the web

Security. 🞏
