The account details of hundreds of Spotify users were recently uploaded to the website Pastebin in what appears to have been a security breach.
The information posted on Pastebin, a website where you can store text online for a set period of time, included emails, usernames, passwords, account type, date of subscription, and the country where the account was created.
TechCrunch reached out to some of the victims via email and confirmed that the accounts were compromised ‘only days ago’.
Spotify denies that it was hacked, says that its records are secure.
“Spotify has not been hacked and our user records are secure. We monitor Pastebin and other sites regularly. When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords,” a Spotify spokesman said.
Spotify has suffered data breaches in the past, just last November hundreds of email addresses and passwords were posted publicly. So it is possible that the information posted on Pastebin might not have been gathered via a new breach.
Mark James, security specialist at security firm ESET, told The Telegraph:
“It’s extremely hard to be 100 per cent certain they have not been breached, unless they have actual evidence of the breach while it’s happening or clear logs indicating the breach, all they can do is study the “leaked” information and verify its authenticity.
“It should be relatively easy to verify, the information should be quite unique for that industry and it would be clear soon enough if it is legitimate. There are many ways data can leak, malware-centric or even employee leaked, it’s quite possible that this is old data that has resurfaced.”
One victim told TechCrunch: “…I was definitely hacked and later tried googling ‘Spotify hack news’ last night to no avail… I noticed it last night when I opened Spotify on my phone and saw someone was using my account somewhere else.”