Hundreds of Spotify Accounts Leaked in Apparent Hack

Over one thousand email addresses and passwords from the music streaming app Spotify were leaked following a hack attack last week, according to multiple victims who confirmed with Newsweek.

Newsweek verified the details of the hack with nine individuals whose email addresses were posted publicly on November 2. One victim claimed he was locked out of his account for three days.

Another victim says he tracked his compromised email to an address hosted in Russia. Russia has been a hacker haven for those who collect personal records in the past decade. One Russian hacker ring reportedly amassed over 1.2 billion username and password records last year, according to The New York Times .

Several victims of the attack told Newsweek that Spotify did not inform them that their accounts were compromised. Some only heard back when they reached out to Spotify themselves after realizing their accounts had been hacked.

“I honestly had no idea this was a problem affecting multiple users,” says one victim to Newsweek in an email. “The messaging from Spotify appeared to imply mine was an individual case.”

It is unclear who hacked Spotify or why the hacker decided to leak personal data—also called doxxing—publicly. In many doxxing cases, hackers leave a preamble explaining their motivations on their attacks. The Spotify hacker left little to no traces.

In the past eight days since the dox, Spotify had no blog posts or public announcements informing its 20 million subscribers that some accounts have been leaked. Spotify did not respond to Newsweek’s requests for comments.

If you believe you were hacked in this attack on the streaming app, check out haveibeenpwned.com or email Spotify directly.

Seung Lee