User Credentials Show Up on Pastebin, But Spotify Denies Data Breach
A list containing hundreds of Spotify account credentials appeared on Pastebin, in a possible security breach of the music streaming service. While Spotify has denied the hack saying that its "user records are secure," victims of the breach who have to face weird music playlists beg to differ.
Spotify denies hack after data shows up on Pastebin
First reported by TechCrunch, it is unclear how the data has been leaked if Spotify claims that its servers haven't been hacked. The leaked data - including emails, usernames, passwords, account type, and other details - is specific to Spotify, rather than something that just works on Spotify. Since Spotify has had to deal with several security incidents in the past, it is possible that there was no newer hack involved, and that the data has been leaked from an earlier breach. However, Spotify users have only started experiencing strange activity in the past few days.
TechCrunch has reported that Spotify users have experienced several different activities in the last few days, including a case where a victim found songs in his playlist that he had never added.
I suspected my account had been hacked last week as I saw ‘recently played’ songs that I’d never listened to, so I changed my password and logged out of all devices.
Some users also reported that they were booted out of their account and found that their account was attached to a new email address, not belonging to them. This is odd as many reports involving the latest Spotify data breach shows that the hackers (or others) are actually using the credentials to play songs and use Spotify, and not resell the data which is what often happens. This further goes in favor of Spotify as this might have been an earlier data breach that has leaked now and is being misused by others.
"Spotify has not been hacked and our user records are secure. We monitor Pastebin and other sites regularly. When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords." - Spotify