Spotify accounts leaked in apparent data breach

April 26, 2016 // 12:05 p.m.

Tags: #account-details #breach #data-breach #insecurity #leak #password #personal-details #security #spotify

Users of the popular music streaming service Spotify are being warned to change their password following the leaking of hundreds of account details - but the company denies it has been breached.

A list of the personal details for hundreds of Spotify users, including email addresses, usernames, passwords, country of origin, account type and subscription date, was uploaded to text sharing site Pastebin on the 23rd of April. TechCrunch, one of the first sites to notice the leak, worked to verify the legitimacy of the data by contacting a selection of the emails and received six or so responses not only confirming that the data was accurate but that they had experienced glitches on the account indicative of unauthorised third-party access - despite TechCrunch having found only one account in an unknown number attempted that would allow them to log in to the site.

In an official statement on the matter, a Spotify spokesperson denied there was any evidence of a security breach. 'Spotify has not been hacked and our user records are secure,' the company told TechCrunch. 'We monitor Pastebin and other sites regularly. When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords.'

Customers contacted by Spotify have denied receiving any such notification, though anyone experiencing issues with their account would do well to change their password and remove any authorised devices they do not recognise.
Discuss this in the forums

QUICK COMMENT

SUBSCRIBE TO OUR NEWSLETTER

WEEK IN REVIEW

TOP STORIES

SUGGESTED FOR YOU