A list of Spotify account credentials for hundreds of users was leaked to the website Pastebin in what seems to be either a security breach or a leak from the inside. These details include usernames, passwords, emails, and other account info – a number of users are reporting that their accounts were targeted as a result. Some cited changes to their music preferences, while others claimed they were unable to log in to their accounts as their passwords had somehow been changed.
As an anonymous victim reported In a statement to Tech Crunch, “I suspected my account had been hacked last week as I saw ‘recently played’ songs that I’d never listened to, so I changed my password and logged out of all devices.”
This would neither be the first nor the second breach that Spotify has encountered thus far, so we can’t be 100% sure whether the data come from a new breach or was previously acquired and just leaked recently. Either way, it is definitely be possible that there are many more account credentials that may be leaked in the future.
Asked about the incident, a spokesman denied allegations that Spotify was attacked :
“Spotify has not been hacked and our user records are secure. We monitor Pastebin and other sites regularly. When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords.”
The page with the leaked information is dated April 23, although statements from many affected users indicate that the issues began last week. Some also said they received emails on Sunday, telling them that their passwords had been changed. As another user explained, “I was definitely hacked and later tried googling ‘Spotify hack news’ last night to no avail… I noticed it last night when I opened Spotify on my phone and saw someone was using my account somewhere else.”
In order to protect the victims, we must refrain from posting a link to the Pastebin page to protect the victims (as many other sources have done). However, we will post a screenshot with all personal data censored out. Please remain on high alert if you notice that your account has been suspiciously accessed, especially if you’ve linked Spotify with your social media pages or you use the same password to log in to other websites. Several users have even reported suspicious activity on their Skype, Facebook, Uber, and even bank accounts. Even if your account was not tampered with, we highly recommend that you change your password immediately – better safe than sorry!