The details the hackers may have gotten their hands on include: passwords, email address, birth date, gender, postal code and bill receipt details.
Spotify have said:
Last week we were alerted to a group that managed to compromise our protocols. After investigating we concluded that this group had gained access to information that could allow testing of a very large number of passwords, possibly finding the right one. The information was exposed due to a bug that we discovered and fixed on December 19th, 2008. Until last week we were unaware that anyone had had access to our protocols to exploit it.
What you need to do.
If you signed up on Spotify before December 20th 2008 and if you use the same password on alternative services – change ALL your passwords immediately.
More at the Spotify Blog.