Spotify seems to have had a security breach, having hundreds of accounts posted in three separate instances on Pastebin since Monday. They contained emails with the respective password, as well as some having extra information such as home country, if the account is free or premium and the premium renewal date.
No one has explicitly taken credit for the hack yet, but two of the three instances were tweeted by @hacked_emails and one of the posts (now removed) was accompanied with “This shit is leaked by yours truely, Internet Protocols.”
A spokesperson for Spotify said, “Spotify has not been hacked. We monitor Pastebin and other sites regularly. When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords.” Although in this, and a similar hack that happened last year, affected users are reporting that Spotify gave them no notice of their account being compromised.
While no credit card information has been posted, it’s not safe to say that information hasn’t also been compromised. One victim of the hack, and Silicon Valley cybersecurity employee, commented on the issue, “They’re not going to post payment information for free when they can sell it. This is like marketing showing they’re going to sell on the black market. Most hacks are for monetary gain, which is why they go for high-value services like Spotify Premium.”
Spotify Premium accounts are sold among the dark web (similar to the Internet you’re using right now, but requires specialized software, configurations and authorization to access websites) with a lifetime subscription being reported going for $3.99.
-----
Source: Forbes
Image: Spotify