Spotify denies hack after user login details appear online

Hundreds of Spotify login details were posted on Pastebin, but Spotify denied any hack.

Hundreds of login details of Spotify users around the world were posted on text sharing site Pastebin. The leaked details contained e-mail addresses, passwords, whether or not the account was a premium account, the country of registration and the date of auto renewal for the account. The compromised information appeared on the site on 23 April. Spotify is an audio streaming site not available in India.

TechCrunch followed up the details and contacted some of those with compromised accounts. The users did confirm the intrusion. Some users noticed songs that they had never listened to in their timelines, indicating unauthorised access and use. Users were kicked out of their own accounts in the middle of sessions, when someone elsewhere logged into the same accounts with the compromised details.

A few users reported that their accounts had been hijacked, and their e-mail addresses tied to the account were now replaced with a different one. Users also reported that other accounts, including transport app accounts, emails and even bank accounts were accessed using the passwords leaked by the pasted text on the site. Users have been contacting Spotify support to retrieve accounts and passwords. However, Spotify denied any hack occurred in a statement to TechCrunch.

Welcome to Tech2 Innovate, India’s most definitive youth festival celebrating innovation is being held at GMR Grounds, Aerocity Phase 2, on 14th and 15th February 2020. Come and experience an amalgamation of tech, gadgets, automobiles, music, technology, and pop culture along with the who’s who of the online world. Book your tickets now.