If you’ve noticed anything strange in your Spotify history or account over the last few days, there may be an alarming explanation: The streaming service seems to have been breached recently, according to TechCrunch, with hundreds of account credentials being posted on Pastebin on April 23. The sensitive information reportedly includes email addresses, usernames, passwords, account types, and more.
While Spotify insisted in a statement sent to multiple publications that no such hack has occurred, TechCrunch sources seem to suggest otherwise. All in all, the publication has received responses from over half a dozen individuals whose emails were posted, and multiple report suspicious activity. They’ve seen out-of-place songs being added to saved lists or showing as “recently played,” playlists deleted, or their account being used elsewhere. Others still were kicked out of the streamer or received a password reset notification.
Spotify’s response to whether or not a recent breach had occurred was a hard no, though. A spokesperson issued the following statement:
Spotify has not been hacked and our user records are secure. We monitor Pastebin and other sites regularly. When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords.
With a similar dump of Spotify user’s data reportedly taking place in February, it’s possible that the events are actually connected. (At the time, premium members’ credentials appeared on Pastebin.) The users that TechCrunch reached out to, however, seem to have only had problems with their accounts recently. Whatever the case, what’s fortunate is that neither incident seemed to include any credit card information being released.
We’ve reached out to Spotify about the possible breach and are waiting to hear back. We’ll update as new developments occur. In the meantime, if you’ve noticed anything strange on your account, you may want to change your password — better to be safe than sorry, right?