Names, passwords among leaked details, although Spotify maintains all is fine
Spotify users have been urged to change their passwords after the personal details of hundreds of its users were posted online.
The usernames, passwords and email addresses of Spotify members were discovered on Pastebin by security researchers, and also revealed to be up for sale to anyone wishing to pay up.
However, the music streaming service has denied its systems have been compromised, despite many users taking to social media sites to complain that their accounts had been accessed, with playlists altered and new items appearing on lists of recently-played songs.
Spotify has not replied to TechWeekEurope’s request for comment, but the company told TechCrunch that it, “has not been hacked and our user records are secure.”
“We monitor Pastebin and other sites regularly,” it said. “When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords.”
However some users told TechCrunch that they had now been kicked out of their accounts, with the login information now changed to include a new email address, and have now had to link with Spotify’s customer service to get their account access restored.
The hack is thought to have affected both standard, free accounts, but also Spotify Premium, which costs £9.99 per month. Spotify has more than 20 million global subscribers and 75 million active users.
The news is the latest security issue to affect Spotify in recent months, after the details of hundreds of Spotify Premium accounts were apparently also leaked back in February.
These details were also posted on Pastebin, with Spotify offering a similarly-worded comment to the one issued above, suggesting that the company may need to boost its security provisions somewhat.
How much do you know about the world’s most notorious hackers? Try our quiz!