Beginning early this week, user info emerged in three separate data dumps on Pastebin, and for some particularly unlucky users, home countries, account types, and account renewal dates were also revealed. As of yet, it is unknown who is responsible for the recent exposure, and Spotify is denying that their service was hacked.
”Spotify has not been hacked. We monitor Pastebin and other sites regularly,” a spokesperson said about the incident. “When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords.”
That said, Spotify users appear to be telling a different story — Forbes reports that it has independently received confirmation from more than 80 users that the published data was valid, and moreover, 15 users “also confirmed that the leaked passwords were unique to Spotify.”
Forbes also notes that the “vast majority” of Spotify users reporters spoke to said “Spotify failed to notify them their account information had been compromised.” Apparently, there’s been some serious breakdown in communication at the music streaming service.
Related: Spotify looking to halt $150 million class-action lawsuit over royalties
While no credit card information has yet been made public, some users are concerned that more leaked information may be revealed. “They’re not going to post payment information for free when they can sell it,” said one victim of the supposed hack. “This is like marketing showing they’re going to sell on the black market. Most hacks are for monetary gain, which is why they go for high-value services like Spotify Premium.”
To find out if your information has been compromised, visit haveibeenpwned.com.
