Breach, Compliance Management, Data Security, Privacy

Was Spotify breached? Account info shows up on Pastebin

Spotify may have experienced a security breach, security pros said, after it was reported that a list of customer account credentials was discovered on Pastebin.

Among the credentials posted are user names, passwords, emails and account types, according to a report by Techcrunch, which also cited a number of Spotify customers on the list who said their accounts had been hacked.

However, a Spotify spokesperson, in a statement, said the music service has “not been hacked and our records are secure,” according to Techcrunch, noting that the company monitors sites like Pastebin regularly.

“When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords,” the statement said.

Adam Levin, chairman and founder of IDT911 and author of “Swiped,” said the “anyone using Spotify, or a similar digital music subscription service… [should] on a daily basis monitor any financial account tied to those services for the slightest hint of fraudulent activity – not just in the wake of a breach.”

Levin, who, in comments emailed to, called the potential breach more evidence “that hackers never sleep,” urged users to “use long, strong and diverse passwords” fall accounts, “minimize exposure of personal identification information and refrain from over-sharing every morsel” of their lives on social media.

He added that anyone impacted by the possible Spotify compromise should practice basic good hygiene. “Think carefully” before clicking any links “and never authenticate yourself to anyone who contacts you – lest you become a victim of a phishing scam and an unwitting co-conspirator in the theft of your own identity,” Levin said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.