Yesterday, hundreds of Spotify accounts were hacked and published on Pastebin, a website. Account details such as usernames, passwords, emails, plan types and other supposedly secured information were on Pastebin for all to see.
But Spotify denies that the hack happened.
Other users of the music streaming site have reported strange activities in their accounts. Some indicated that they have played songs which they have never played. TechCrunch reported that some affected users had their accounts compromised "only days ago."
The list containing sensitive users' information popping out of a website such as Pastebin indicates a possible security breach in Spotify. But still the social media site said that it "has not been hacked" and even added that its "users records are secure."
So, how did the list end up in another website? If the secured account details were not acquired from Spotify, then how did the information travelled to another website which is not related to it?
The details on the list were comprehensive even listing the type of account such as Family or Premium when the subscription auto-renews. It even provides the country where the account originated. The list does not only include Spotify users in the United States, but also users all over the planet.
"I suspected my account had been hacked last week as I saw 'recently played' songs that I'd never listened to, so I changed my password and logged out of all devices," a user said who wanted to remain anonymous.
TechCrunch also reported that there are users who were booted off the service while they were streaming music. These users also refused to give their names, though.
Spotify, in a separate statement reported in CNET denied the hack and also refuted the TechCrunch report that said the compromised information is "specific" to its music streaming service.