It appears as though Spotify might be inadvertently “streaming” some data that users would prefer be kept private — although the streaming music platform attests that there is no cause for concern.
TechCrunch reported yesterday (April 25) that identifiable information of hundreds of Spotify users — including emails, usernames, passwords and account types — showed up on the website Pastebin. While the outlet attests that a number of the users identified therein (which TechCrunch contacted directly) are alleging breach, Spotify states otherwise.
The company shared the following statement with TechCrunch: “Spotify has not been hacked, and our user records are secure. We monitor Pastebin and other sites regularly. When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords.”
As for the alleged victims of the breach that spoke to TechCrunch, the ways in which they became aware of the situation vary. One person told the outlet that he had spotted saved songs in his playlist that he hadn’t actually added himself, while another user had experienced a similar situation regarding “recently played” songs.
In the case of users who reported to have had their login credentials compromised, they told the outlet that they have had to work with Spotify customer service to regain access to their accounts.
Based on the accounts of the users with whom it communicated, TechCrunch estimates that the possible breach occurred sometime last week.
The outlet additionally reports that none of the alleged hacking victims with whom it spoke reported to have been contacted directly by Spotify to address the issue. TechCrunch posits the theory that — if a breach did, in fact, occur — it’s possible that Spotify is currently in the time-consuming process of verifying account credentials.