Spotify denies being hit by a data breach as user data appears online

26 Apr 201661 Shares

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Despite email, usernames and more appearing in a Pastebin post, streaming service Spotify is vehement that it has not been breached

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Spotify has denied it has been hacked, after the credentials of hundreds of users of the streaming service, including emails, usernames and passwords, are understood to have been posted to Pastebin.

The data breach is understood to have happened in recent days.

As well as email and login information, the Pastebin post is understood to detail the type of accounts, such as family or premium, when the subscription renews and where the account was created.

Despite the report by TechCrunch citing data “specific to Spotify”, Spotify is insisting it has not been hacked.

The report suggested that the account details may have been from a previous attack. However, its authors were able to log into one of the hacked accounts.

Spotify denies it has been hacked

“Spotify has not been hacked and our user records are secure,” a company representative told tech news site CNET.

“We monitor Pastebin and other sites regularly. When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords.”

Despite Spotify’s insistence that an attack has not occurred, some Spotify users have been reporting unexplained activity in their accounts, such as recently played songs they hadn’t listened to, while others have claimed their login emails were changed.

Yesterday, Verizon’s 2016 Data Breach Investigations Report indicated that data breaches are on the rise, caused primarily by successful phishing attacks.

According to the report, in 93pc of cases, it took attackers minutes or less to compromise systems. However, often it took businesses weeks, if not months, to realise they had been breached.

Spotify image via Shutterstock

Editor John Kennedy is an award-winning technology journalist.

editorial@siliconrepublic.com