Security Breach - February 10th, 2019


JackLantern
Casual Listener

Shortly after February 10th I received a notification that somebody had attempted to log in to my Facebook. It was location blocked. At the time I hadn't thought much of it, changed my information and carried on. I generally used different passwords for my accounts but didn't for Spotify due to the fact that they were linked. Last night I received notice that my account email had been changed (the email was in Arabic). Now suspicious, I googled my email and found it with my password on a list of over 1000 Spotify accounts. I contacted support and informed them of the list and reset my account. All of my passwords have now been changed.

 

I'm unfaithful however that Spotify will announce this security breach. I will not be linking to the list, but a lot of the passwords on it are complex passwords. I'm fairly certain it was an actual data breach and not a brute force attempt. As such, I'm urging the community to verify their accounts are safe.

10 Replies

Daisy
Spotify Legend

Hey @JackLantern.

 

Thanks for reaching out to the Community!

 

We appreciate your concern. To be clear, Spotify has not been compromised and your data is secure. We proactively reset your password as a precaution because we found that another website or service, where you also use that password, was compromised.

 

We monitor Pastebin and other sites regularly. When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords. We're afraid we can’t provide any further information about the status of your details on other services.

 

Have a nice day.

JackLantern
Casual Listener

My account wasn't proactively reset; I received an email in Arabic that my email had been changed to a throwaway email account and had to actively contact support to remedy the situation. My account was in use for weeks before I took notice. The list specifies that it's over 1000 Spotify premium accounts and gives their credentials including premium renewal dates. It was posted weeks ago and I received no word that anything was going on until someone tried to take my account. It's fairly obvious that it was a leak on Spotify's end.

doug1642
Newbie

I am having the same problem. I had songs show up that I have never listened to. I have had my account change to a random song twice in the last 3 days.

Peter
Moderator

Hey @doug1642.

 

Thanks for reaching out to us about this, and sorry to hear this has happened to you.

 

Make sure to check out this support article here, which will give you detailed steps to follow in order to secure your account.

 

Hope that helps!

 

@JackLantern - would you mind sending us a link to the list which you are referring to (feel free to PM me if you prefer)? We'll make sure it gets passed on to the right folks.

 

Thanks again 🙂

PeterModerator
 
Help others find this answer and click "Accept as Solution".
If you appreciate my answer, maybe give me a Like.
 

Platvis
Casual Listener

Hey,

 

I just found my Spotify username and plaintext password on a pastebin post!!!

 

I thought this was supposed to be secure??

 

darkduds21
Newbie

I reverse searched my email address today and I found a password list with my account on it on this link:

 

[snip - Community Moderator edit]

Can you guys get the site shut down?

Mario
Moderator

Hey @darkduds21,

 

Thanks for bringing this to our attention.

 

We got in touch with the right team and they're taking care of the situation to secure the accounts. Be advised that, depending on what actions are taken, your password might get proactively reset by our team. You will receive an email notification regarding this.

 

We also edited your post to make sure that the link - and the related personal information - won't be visible or used by others who might stumble upon it here.

 

Let us know if there's anything else we can help with!

"There's more to living than only surviving." - Dexter Holland

_lp4qtfs-tyhl
Newbie

I have the same issue. My account has been used by different people 3 times now. They can even change my settings and such. Resetting passwords did not work, logging out of devices too. I haven't searched my password online but I know for user I used different passwords every time.

Peter
Moderator

Hey @_lp4qtfs-tyhl,

 

Thanks for reaching out to us about this - sorry to hear this has happened to you.

 

Could you try the steps listed in this support article, making sure to follow them in the order which they're listed?

 

Thanks - keep us posted!

 

Platvis
Casual Listener

Are you serious?? A year later??

 

I don’t need to follow any support lists.

Can you explain why the **bleep** my password was not encrypted?

And don’t bother replying. I’ve unsubscribed.
