Hundreds of Spotify account credentials were posted to the Web in a possible security breach, TechCrunch reports.Emails, usernames, passwords, account types, and other details specific to Spotify recently appeared online, though the company denies it was hacked. “User records are secure,” the streaming music service told PCMag.
The Pastebin post, though dated April 23, may not be the result of a new cyber attack. When tested by the news blog, only one of the leaked accounts allowed the site to gain access, suggesting the data is out of date.
Still, a handful of people told TechCrunch their personal accounts were breached as recently as last week.
Suspicions heightened when some users found ‘recently played’ songs they’d never listened to, or were kicked out of Spotify only to find their account email had been changed to a unfamiliar address.
“We monitor Pastebin and other sites regularly,” a company spokesman told PCMag in a statement. “When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords.”
In this case, several folks who re-use passwords (don’t do this!) reported that some of their other online accounts were breached, including Facebook, Uber, Skype, and even bank accounts.
In February, the International Business Times UK reported a Spotify Premium breach; separate data dumps revealed hundreds of users’ email addresses, passwords, account types, and renewal dates—information similar to what TechCrunch uncovered.
Three months earlier, more than a thousand email addresses and passwords were leaked following a hack.
Editor’s Note: This story was updated at 10:50 a.m.
Eastern with comment from Spotify.