Spotify exposed: list appears online with hundreds of account details

Something fishy is going on, and it involves a bunch of Spotify accounts. A Pastebin text document recently surfaced online containing what appears to be the login details for hundreds of Spotify accounts, and some Spotify users are surfacing with claims that they've been locked out of their own accounts, in part. Spotify, however, has denied that it has been the victim of a hack, leaving many in the dark about what exactly is going on.

The Pastebin post details things like when the breached Spotify account is set to renew, what kind of account it is (family, premium, etc), what country the subscriber is from, and the account's username. The accounts belong to people around the world, at least by the looks of the Pastebin; there are no personal details included like the subscriber's name or payment information.

Reports have surfaced online from Spotify users who indicate their accounts have been compromised — some have taken to Twitter to say they have been locked out of their accounts, in some cases even while they were listening to music. Those individuals then were unable to log back in, indicating the account passwords or email addresses had been changed. Many reports have been recent, indicating that at least some of the account details are freshly acquired.

It doesn't seem that Spotify has sent out any notifications to users about a possible breach. In a statement to TechCrunch, the company denied that any hack has taken place, saying:

Spotify has not been hacked and our user records are secure. We monitor Pastebin and other sites regularly. When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords.

Apparent victims speaking to them state they found out their accounts were compromised when they received an email saying the password had been changed. Many have said they've worked with Spotify to get the issue fixed, while others are still having trouble getting the service to recover their accounts. As well, some people have reported that other accounts — banks, social networks, etc — where they used the same password have also been accessed by an unknown third party.

Those with a Spotify account may want to consider updating their password to be on the safe side.

SOURCE: TechCrunch