Spotify user data hacked and exposed on Pastebin

Spotify has lashed out reports claiming that the streaming service has been hacked and that account details of users are now available on Pastebin.

User account details stolen by hackers from Spotify include e-mail addresses, usernames, passwords and type of accounts.

First reported by TechCrunch, leaked details of individual user accounts also include subscription renewal dates but it seems no payment information or credit card details were leaked on Pastebin. However, the popular streaming service does not agree with the reports.

"Spotify has not been hacked and our user records are secure. We monitor Pastebin and other sites regularly. When we find Spotify credentials, we first verify that they are authentic, and if they are we immediately notify affected users to change their passwords," said a spokesperson to TechCrunch.

Since Spotify is so sure about not being hacked, we believe the streaming service hasn't done anything about it so far. However, a lot of Spotify users have written to TechCrunch in the past few days, claiming that their accounts were hacked.

"I suspected my account had been hacked last week as I saw ‘recently played’ songs that I’d never listened to, so I changed my password and logged out of all devices," said one such user.

“…I was definitely hacked and later tried googling ‘Spotify hack news’ last night to no avail. I noticed it last night when I opened Spotify on my phone and saw someone was using my account somewhere else,” wrote another.

Other complaints from users included passwords being changed, e-mail addresses being changed and random songs appearing on playlists. These issues could be after-effects of a previous hack as well but the fact that a lot of complaints have popped up in the last few days points to a worrying trend. However, there is no confirmed proof to claim that the hack was recent.

With hacker getting access to the latest tools to overcome security settings, we have been witness to a large number of systematic hacks as well as access-denying DDoS attacks on major websites and services like BBC, Ashley Madison, V-Tech, Hello Kitty and servers of Oxford and Cambridge universities in the last one year.

Because of the increasing frequency of such attacks, major websites and services have started using powerful encryption tools to safeguard privacies of their users. While Gmail now features a new Data Loss Prevention tool to prevent confidential data from leaking out, WhatsApp and Facebook have initiated end-to-end encryption of user data to guard them from hacking attempts.

Leave a Comment