Spotify users are sweating this morning after the private details of hundreds of users appeared online.
The leaked info, which appeared on Pastebin, includes email addresses, usernames, passwords and account types.
Tech website TechCrunch has reached out to Spotify users and confirmed that their accounts were compromised, though Spotify argue that their database was not hacked.
Some users have even reported logging in to the app to find songs in their ‘Recently Played’ folder that they hadn’t listened to.
According to TechCrunch’s report, the users who have experienced unusual activity on their accounts first noticed it last week.
https://twitter.com/erinelizasteves/status/724788588253081600
Most Spotify users access the app through Facebook, so in order to protect yourself from people sneaking into your Spotify and switching on some heavy metal while you try to enjoy some Simon and Garfunkel, you might want to change your Facebook password.
The "captured keys" format of the pastebin posts clearly indicates this is a hack of users and not @Spotify itself https://t.co/rzDLWMGBmn
— Dr. Wesley McGrew (@McGrewSecurity) April 25, 2016
Spotify issued this statement to Tech Crunch:
“We monitor Pastebin and other sites regularly. When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords.”
This isn’t the first time that Spotify has had a data breach: last autumn, over 1,000 email addresses and passwords were leaked.
