“Spotify has not been hacked and our user records are secure. This seems to contradict the statement a Spotify spokesperson provided us today when asked about this possible breach: In none of the reported cases so far did Spotify reach out to the victims immediately following the breach, nor were their passwords proactively reset for them on their behalf by Spotify.
To resolve the matter, users said they’ve had to work with Spotify customer service to get their account access restored. When trying to log back in, these users found that their account email had been changed to a new email address not belonging to them. Several others said they were kicked out of Spotify – one even in the middle of streaming music. “I suspected my account had been hacked last week as I saw ‘recently played’ songs that I’d never listened to, so I changed my password and logged out of all devices,” the victim, who preferred to remain anonymous, told us. They became aware of the breach in a number of ways – for example, one said he found songs added to his saved songs list that he hadn’t added.Īnother also found his account had been used by an unknown third party. So far, over a half-dozen have responded, confirming that they did experience a Spotify account breach recently. And only one of the accounts we tried actually permitted a log in, which also left room for doubt about the recency of this particular incident.īut the victims we reached out to told us otherwise. It could have been that a list of previously compromised accounts is still circulating. Spotify has dealt with security incidents in the past, so one can’t immediately assume that a list of emails like this is related to a new data breach. The list of accounts is not limited to the U.S., but includes a number of users from all over the world. family, premium), when the subscription auto-renews, and the country where the account was created. In addition to the email and login information, the Pastebin post also details the type of account (e.g.
It’s unclear, then, where these particular account details were acquired, given that they are specific to Spotify, rather than a set of generic credentials that just happen to work on Spotify. However, Spotify says that it “has not been hacked” and its “user records are secure.” After reaching out to a random sampling of the victims via email, we’ve confirmed that these users’ Spotify accounts were compromised only days ago. A list containing hundreds of Spotify account credentials – including emails, usernames, passwords, account type and other details – has popped up on the website Pastebin, in what appears to be a possible security breach.
0 kommentar(er)
