Spotify hacked? Users report strange behaviour on their accounts

A growing number of Spotify users from around the world are saying their accounts have been hacked, something the music streaming service adamantly denies.

A list of user information was released online last week, but the streaming service denies it's been breached

Spotify users are claiming they've been hacked, but the music streaming service denies any data breach. (Reuters)

If you're wondering when exactly you decided to add so much Justin Bieber to your favourite Spotify playlist, it might not have been you at all.

A growing number of Spotify users from around the world are saying their accounts have been hacked, something the music streaming service adamantly denies.

A post dated April 23, 2016, on a website called Pastebin listed hundreds of Spotify credentials. It wasn't limited to login information — in addition to emails, usernames and passwords, the post included Spotify-specific information like account type (ie. premium or family), the country in which the account was created, and when the subscription auto-renews.

Spotify said in a statement that it "has not been hacked and our user records are secure."

However, users on the list told TechCrunch that, rather than just stealing their personal information in typical hacker fashion, strangers are actually utilizing their accounts. The alleged hacking victims report that people are listening to songs on their accounts and making changes to their playlists.

More worrying, some have found their account emails changed without their permission, making it impossible for them to access their accounts and difficult for them to cancel their subscriptions.

People who made the rookie mistake of using the same login information on multiple sites are dealing with a major headache. Several are reporting that as a result of the alleged Spotify breach, their Uber, Facebook, Skype and even online bank accounts have also been illicitly accessed.

Wouldn't be the first Spotify hack

It wouldn't be the first time the service has dealt with a security breach. In May 2014, the company announced that someone had gained unauthorized access to its systems and data. However, it said only one user's data was accessed, and the user was notified.

In an incident eerily similar to this week's, more than a thousand accounts' information was leaked in an alleged hack in November 2015, but Spotify denied it had been hacked.

It is possible the recently released information is the result of an earlier data breach and not a recent hack.

Spotify says that when it finds users' credentials made public on the web, "we first verify that they are authentic, and if they are, we immediately notify affected individuals to change their passwords."

It is possible that the service is still going through this verification process.

In the meantime, there's always cassette tapes.


  • An earlier version of this story said the user information was posted on a site called Paintbin. In fact, it is called Pastebin.
    Apr 27, 2016 8:20 AM ET


To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.

Become a CBC Member

Join the conversation  Create account

Already have an account?