Everything You Need to Know About Spotify Data Breach

  • By David Lukic
  • Nov 02, 2021

Spotify is one of the largest and most popular music streaming services out there, and they have repeatedly been hacked with user data breached and exposed online.

Millions of people use Spotify to curate their music collections. Premium users can easily create playlists and customize their library to their specific tastes. The service also “recommends” new music based on your lists and preferences. However, starting in 2016, Spotify users have been subject to repeated data breaches, sometimes even losing control of their Premium account completely.

Some users complain that their accounts have been hacked and used for listening to music they didn’t choose. Other more serious issues include users waking up and not being able to log into their accounts anymore. They have been locked out by hackers who have taken control. The scary part is Premium users have their bank and payment details in their profile, which means whoever hacked you, now has them. Unfortunately, there is no clear pattern or evidence of how hackers are able to access Spotify user accounts.

Spotify staunchly declares that their entire system is safe and secure; however, that does not explain how thousands of accounts were breached in 2016 and ended up on Pastebin. Victims have verified that the information breached was theirs, and the passwords were unique to Spotify, so they were not subject to credential stuffing. Spotify denies that they have ever been hacked and claims that “Spotify has not been hacked. We monitor Pastebin and other sites regularly. When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords.”

Spotify Data Breach

Complaints abound from users who claim their accounts have been hacked or taken over completely. Compromised accounts leave users wide open for identity theft and fraud.

Dozens of hacked accounts are actually being used to play obscure artists’ music. Discussion panelists on Reddit theorize that these hacks may be a way to rack up listening points for certain artists and DJs. This theory comes from the idea that Spotify allows independent artists to upload their music on the platform, and this is simply a way to run it up the flagpole for revenue and listens.

When Was the Spotify Data Breach?

Starting in 2016, user data showed up on a website called Pastebin used for storing text and source code. Three different data dumps appeared there with user credentials, including email addresses, passwords, account types, and home countries along with renewal dates for Premium accounts. The 2016 three-batch breach was one of many that have occurred over a short period of time. Before that, in November of the previous year, 1,000 email addresses and passwords were also leaked on the internet.

How to Check if Your Data Was Breached

Since Spotify denies ever being hacked, they do not provide a way to check your account. Additionally, users claim Spotify never informed them of the data breach and that their information showed up online.

However, if you use your Spotify account often, you should notice anything that looks out of place. If suddenly you cannot access your account even using the correct credentials, your account may be hacked, and you will want to take action quickly to secure things. You can also contact Spotify to ask for an audit of your account, but since they are pretty much in denial about any breaches, you may not get much help there.

What to Do If Your Data Was Breached

If your account was hacked or your data breached, you should take quick action. Some of the more immediate items to address are:

  • Change your Spotify password immediately. If you reused that same password on other sites, change those too.
  • Contact your bank or credit card for the payment method you use for Spotify and inform them of the breach.
  • Keep a close eye on credit card and bank statements looking for any suspicious charges.
  • Watch out for phishing emails.
  • Consider signing up for identity theft monitoring with a company like IDStrong.com.

If you cannot get into your Spotify account, contact their support department and let them know you have been hacked. They should be able to restore the account back to your username with a new password.

Spotify Change Password

Are There any Lawsuits Because of the Data Breach?

There are no legal pursuits regarding these issues yet. The very point that Spotify denies ever being hacked or breached makes the entire situation unique.

Can My Spotify Information Be Used for Identity Theft?

Absolutely. Identity thieves need only a small bit of information before they can match it to other data found on the dark web and put together an entire profile about you. Along with identity theft, you have to watch out for fraud and scams by keeping an eye on all your stuff, including credit reports, bank and credit card statements, and public records.

What You Can Do to Secure Your Online Life

Using Spotify, you just want to enjoy your music; we get it. However, anything you do online puts you and your information at risk. Thankfully, there are plenty of steps you can take to secure your online life and keep your details safer.

  • Always sign up for 2-factor authentication when available. This helps to keep your account safe and prevents hackers from gaining access without your mobile device.
  • Never, ever click a link in an email.
  • Install good antivirus/anti-malware software on all your devices and run deep scans often.
  • Only use one dedicated credit card for online purchases to minimize your risk.
  • Keep a close eye on your credit reports, bank statements, and credit card charges.
  • NEVER reuse passwords on multiple websites. This is one of the main ways that hackers gain access to your accounts.
  • Keep an eye out for suspicious emails and phone calls. If you did not initiate the action, hang up, or delete the email. Most fraud and scams are perpetrated through email and phone calls.

How to Protect Your Identity Online?

Use common sense and never give out any personal information to anyone you don’t know. Watch your accounts closely for any suspicious activity or evidence of logons by someone other than yourself.

About the Author
IDStrong Logo

Related Articles

What is Data Leak and How to Prevent Accidental Data Leakage

Data breaches take many forms, and one of them is through data leak and accidental web exposure. M ... Read More

The Saga of T-Mobile Data Breach: 2013, 2015, 2021 and 2023 Hacks

T-Mobile has experienced a number of data breaches in the past decade. The first case occurred som ... Read More

Anthem Data Breach Exposed 78 Million Records

In the Anthem Data Breach of 2015, hackers were able to steal 78.8 million member’s records. ... Read More

Everything You Need to Know About Insider Data Breach

Data breaches are on the news frequently, but the average person doesn’t really know that mu ... Read More

The NSA Hack, How Did it Happen?

The National Security Agency (NSA) was the main attraction in a major data breach involving three ... Read More

Latest Articles

Family Dollar & Dollar Tree Bleed Consumer Data Following Cyberattack

Family Dollar & Dollar Tree Bleed Consumer Data Following Cyberattack

In 2015, Family Dollar acquired its biggest competitor, Dollar Tree. Family Dollar is one-half of a consumer's dream; they offer low-priced goods for families in 8,200 locations nationwide.

Weekly Cybersecurity Recap December 1

Weekly Cybersecurity Recap December 1

This week, cybercriminals targeted health lifestyle members, patients, gamblers, and general consumers. Early on, Welltok returned to the news, this time with over 426k member data stolen by assailants; the organizations impacted by the breach were Premier Health and Graphic Packaging International.

Caesars Entertainment Breach Update, Millions of Gambler Records Compromised

Caesars Entertainment Breach Update, Millions of Gambler Records Compromised

Caesars Entertainment (CE) oversees 58 gaming properties across the continental states. Their locations include world destinations, nightlife activities, a comprehensive concierge, and an industry-leading approach to draw millions of gamblers weekly.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address