Was Spotify Hacked?

This has my login and password. What's up, Spotify? Got anything to say?

***Link removed for security reasons***

15 Replies

This is most interesting. I was hacked yesterday. I was listening to Spotify at the time, so the hacker didn't have a chance to change the password, although they did convert my Premium account to Family Premium, increasing my Spotify Premium Student Subscription from £4.99p/m to £14.99p/m and inviting one of their friends to the service (which I managed to cancel). Spotify Help chat basically told me they needed to close my account and that I'd have to re-apply for Premium Student, which is entirely unjust as my discount was due to run until March 2018, yet Spotify no longer accept NUS Extra Cardholders for student discount.

I can't see my username/email/password on the list though (password was Lastpass generated), which makes me wonder if there are more data dumps available or on the way?

Hey folks!

That doesn't sound right. I've passed this on to the right folks. In the meanwhile, could you try the steps from this article to secure your account? Let me know how you get on! 🙂

Have a great day!

HuboSpotify Star
Help others find this answer and click "Accept as Solution".
If you appreciate my answer, maybe give me a Like.
Note: I'm not a Spotify employee.

Hi there, any update please? Seeing these Spotify username and password data dumps online would indicate that it's not the users who're compromising their own data, but Spotify themselves.

Hey @user-removed!

The right folks are aware of this. Spotify can assure that their platform and user records are totally secure. Account takeovers usually happen because of a breach on another service. If you use the same password for several services, they all have the potential to be compromised if one has a security breach. That's why it might show up in these 'pastes'. Let me know if you have any other questions.

Have a great day!

HuboSpotify Star

I maintain discrete credentials for each site I hold an account with, and it's only my Spotify account that has been used illegitimately.

Quite why Spotify doesn't offer two-factor authentication in this day and age is a mystery to me.

Hey @user-removed!

I understand your frustration. I recommend following these steps to keep your account secure. Also, I recommend adding your vote to this idea, if you'd like to see 2-FA on Spotify. Let me know if there's anything else.

Take care! 🙂

HuboSpotify Star

@jb262 can you share this link with me in private? My account got hacked on Friday and I need to see if I'm on the list.

Sorry, I won't be sharing it with you.

If it is publicly available the harm is already done. By now all these accounts should've had their passwords reset by Spotify.

For two days I have been trying to find out why my account was hacked, as I use only Facebook (with 2 factor auth enabled) to access it, yet still someone was able to use my Spotify.

Hackers were unable to change my email as it can be done only through Facebook.

All I get in reply from Spotify's support is "change your Facebook password" without any information about what actually happened.

What's funnier, it looks like the Spotify forum is under attack, so many people will not be able to get help.

 

https://imgur.com/a/TIyB7

Those pastebins get deleted fairly quickly. I don't have the link anymore, and I'm not sure what the laws are on sharing a copy of the file. I can say that there are about 3300 accounts on there. Each login is categorized with the type of premium the account has. It's likely some bozo from Spotify was using it for development purposes and inadvertently leaked it. My login information was correct.

Spotify recovered my account for me in a timely manner, so there's that.

I got the notification through haveibeenpwned.

If you register your email there it should tell you whether you are on that list.

My account was also hacked. I found out when I was listening via Sonos. They didn't change my credentials, just deleted all my playlists. I don't understand why Spotify is so blasé about data breaches. I will consider another music service.

My account was hacked as well. They switched the email and tried to fly under the radar. Has Spotify released a statement about the breach?

Hey folks! Thanks again for all your reports!

Spotify's data is all safe and secure and has not been accessed. Account takeovers usually happen because of a breach of another service. If you use the same password for several services, they all have the potential to be compromised if one has a security breach. That's why it might show up in these 'pastes'. If your account has been accessed without authorisation, I recommend following these steps. Let me know if you have any other questions.

Have an awesome day!

HuboSpotify Star

I'm afraid this is quite simply nonsense. I use a password manager (local, not server situated), generating complex and discrete passwords for each service requiring an account. No two passwords are the same.

Something else is going on here.
