The credentials of Spotify users, including emails, usernames and passwords, were leaked on the website Pastebin on Monday, multiple outlets reported. Since then, however, Spotify has issued an official response. Denying that any security breach took place, a rep for Spotify said:
Spotify has not been hacked and our user records are secure. We monitor Pastebin and other sites regularly. When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords.
Multiple reputable sources such as TechCrunch, however, say otherwise. All in all, the publication has received responses from over half a dozen individuals whose emails were posted, and multiple of them report suspicious activity. They’ve seen out-of-place songs being added to saved lists or showing as “recently played,” playlists deleted, or their account being used elsewhere. Others still were kicked out of the streamer or received a password reset notification.
In an article dated just yesterday, TechCrunch writer Sarah Perez delves deeper into trying to uncover the truth behind the incident:
Spotify has dealt with security incidents in the past, so one can’t immediately assume that a list of emails like this is related to a new data breach. It could have been that a list of previously compromised accounts is still circulating. And only one of the accounts we tried actually permitted a log in, which also left room for doubt about the recency of this particular incident.
But the victims we reached out to told us otherwise.
Perez goes on to say:
So far, over a half-dozen have responded, confirming that they did experience a Spotify account breach recently. They became aware of the breach in a number of ways – for example, one said he found songs added to his saved songs list that he hadn’t added.
Another also found his account had been used by an unknown third party.
“I suspected my account had been hacked last week as I saw ‘recently played’ songs that I’d never listened to, so I changed my password and logged out of all devices,” the victim, who preferred to remain anonymous, told us.
Only time will tell whether this turns out to be a new incident, a resurfacing of credentials stolen in a previous attack, or a collection of phished or keylogged logins. If you are one of the millions of people around the world who love to listen to music on Spotify, you may need to change your password immediately.