Spotify denies being hit by a data breach as user data appears online

26 Apr 2016

Despite email, usernames and more appearing in a Pastebin post, streaming service Spotify is vehement that it has not been breached

Spotify has denied it has been hacked, after the credentials of hundreds of users of the streaming service, including emails, usernames and passwords, are understood to have been posted to Pastebin.

The data breach is understood to have happened in recent days.

As well as email and login information, the Pastebin post is understood to detail the type of accounts, such as family or premium, when the subscription renews and where the account was created.

Despite the report by TechCrunch citing data “specific to Spotify”, Spotify is insisting it has not been hacked.

The report suggested that the account details may have been from a previous attack. However, its authors were able to log into one of the hacked accounts.

Spotify denies it has been hacked

“Spotify has not been hacked and our user records are secure,” a company representative told tech news site CNET.

“We monitor Pastebin and other sites regularly. When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords.”

Despite Spotify’s insistence that an attack has not occurred, some Spotify users have been reporting unexplained activity in their accounts, such as recently played songs they hadn’t listened to, while others have claimed their login emails were changed.

Yesterday, Verizon’s 2016 Data Breach Investigations Report indicated that data breaches are on the rise, caused primarily by successful phishing attacks.

According to the report, in 93pc of cases, it took attackers minutes or less to compromise systems. However, often it took businesses weeks, if not months, to realise they had been breached.

Spotify image via Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years