Spotify has not been hacked and our user records are secure. We monitor Pastebin and other sites regularly. When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords.
In an article dated just yesterday, TechCrunch writer Sarah Perez delves deeper into trying to uncover the truth behind the incident:
Spotify has dealt with security incidents in the past, so one can’t immediately assume that a list of emails like this is related to a new data breach. It could have been that a list of previously compromised accounts is still circulating. And only one of the accounts we tried actually permitted a log in, which also left room for doubt about the recency of this particular incident.
But the victims we reached out to told us otherwise.
Perez goes on to say:
So far, over a half-dozen have responded, confirming that they did experience a Spotify account breach recently. They became aware of the breach in a number of ways – for example, one said he found songs added to his saved songs list that he hadn’t added.
Another also found his account had been used by an unknown third party.
“I suspected my account had been hacked last week as I saw ‘recently played’ songs that I’d never listened to, so I changed my password and logged out of all devices,” the victim, who preferred to remain anonymous, told us.