As one of the most prominent – and sometimes controversial – digital entertainment services, Spotify is an obvious target for hackers.
Whenever user login details appear on sites like Pastebin, then, there are concerns that the streaming service’s security has been breached – a legitimate worry given past hacks of services from Sony’s PlayStation Network to extra-marital dating site Ashley Madison.
This week was the latest example, as a swathe of what appeared to be legitimate Spotify account details were uploaded to the Pastebin site. This, just a couple of months after the last such episode in February 2016.
TechCrunch carries the complaints of several users whose details were published this time round, with claims that their accounts were reset to other people’s email addresses and accessed remotely. There are also complaints that Spotify was slow to alert them to the fact that their accounts had been compromised.
For its part, Spotify has denied that its own security has been breached. “Spotify has not been hacked and our user records are secure. We monitor Pastebin and other sites regularly. When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords,” said the company in a statement. The key point being whether the details were hacked from the users themselves or a breach at another online service, rather than Spotify itself.
Even so, this is the latest reminder that music-streaming services are juicy targets for hackers, although understandably they do not talk much publicly about how they are protecting themselves from such attacks.