Spotify Denies Being Hacked Despite User Account Details Leaking To Pastebin

Someone posted a list to Pastebin containing compromised account credentials belonging to a relatively small number of Spotify users. The list, which is few hundred names deep, contains usernames, passwords, emails, account type, and other details, seemingly suggesting the site has been hacked.

The accounts appear to all have been compromised within the past few days, though Spotify contends that it wasn't hacked. Assuming that's true, it would point to a collection of names gathered by other means, such as phishing attempts and poor computing habits, including the use of a single password for multiple accounts and services.


"Spotify has not been hacked and our user records are secure. We monitor Pastebin and other sites regularly. When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords," Spotify told TechCrunch.

Those affected by the data dump are finding out in different ways. Some were contacted by media outlets investigating the authenticity of the details, others discovered that something was amiss when new songs were added to their playlists, songs they hadn't added themselves. And yet others were knocked offline because someone else was already using their account.

In some cases, affected users have tried logging in only to find that the email associated with their account has been changed, making it a hassle to resolve the matter.