You may want to change your Spotify password – right now. A list of hundreds of Spotify usernames, passwords, account types, and other details showed up on Pastebin.com, a text-sharing site, on April 23.
The data is specific to Spotify, and TechCrunch verified that it could, in fact, log into a few of the compromised accounts.
While the first possible explanation that came to our minds was 'hack', Spotify denied such a data breach occurred.
"Spotify has not been hacked and our user records are secure," Spotify spokesperson Graham James told us. "We monitor Pastebin and other sites regularly. When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords."
Put on repeat
Though Spotify denies a hack occurred and isn't saying what happened, this wouldn't be the first time it's been targeted.
Similar security breaches happened in 2009, 2014, and yet again last November. You'd think that the company would have beefed up its security by now, but the streaming music service still lacks simple two-factor authentication.
TechCrunch received stories from several Spotify users who noticed something fishy was going on with their accounts. One user noticed unrecognized songs showing up in his "recently played" history. Other users claimed they were kicked off of Spotify mid-stream because someone was using their credentials.
Even worse, some of the leaked passwords compromised other accounts since users kept the same password across different sites and services.
This particular data leak is odd as most data obtained in breaches is usually sold off, but it appears the data is actually being put to use.
Although Spotify claims your data is safe, it couldn't hurt to change your password. Make sure to hit "Sign out of everywhere" in the settings to ensure your new password is required for login.
We'll keep following this story and let you know if any new information comes to light.