
Ask HN: Has Spotify been breached? - bennyp101
So according to haveibeenpwned my email is not listed as being on any Spotify breach, but I just got 2 emails that my email and password were on a paste for my Spotify Premium account.

Makes sense now, as a couple of hours ago listening at work, it stopped playing and said it was playing on an LG Phone ... so logged all out and changed password.

I can't seem to find anything other than 2016, and https://www.digitalmusicnews.com/2017/12/27/spotify-massive-data-breach/ from last year.
======
IpV8
Happened to me last week. Music stopped playing, said it was playing on some
iphone, and now all of my recently playeds are bands I've never heard of. I
changed password and it hasn't happened since. Something fishy is going on.

~~~
IpV8
Just happened to me again. Now all of my playlists are gone and replaced by
trap shit.

~~~
graystevens
Were they unique and/or generated passwords each time, or was it a password
you have used elsewhere?

It is unlikely to be a Spotify breach, but if the password was unique to
Spotify then that certainly adds a little more weight to the argument.

Usually it is simply a case of ‘credential stuffing’, where other data
breaches are checked against other common/popular websites, with the goal of
finding accounts that work and can be sold to others for illegal use (TV
streaming services etc.)

Overview of credential stuffing can be seen here:
[https://breachinsider.com/blog/2017/credential-stuffing-how-...](https://breachinsider.com/blog/2017/credential-stuffing-how-breached-credentials-are-put-to-bad-use/)

~~~
IpV8
Definitely possible. I don't do completely unique passwords, but do do a tweak
on a standard password that was unique to my Spotify account. Also a quick
google of 'pastebin spotify 2018' shows quite a few lists of emails and
passwords posted rather recently. I suppose there is no way to know one way or
another, either way I just went in and randomized my bank/email passwords to
be safe.

------
laken
I wouldn’t think it was a breach, but rather a bunch of cracked accounts
(probably using other breaches - credential stuffing). Spotify Premium
accounts are a large target, because they can be sold for a few bucks a pop.
What they’re really going for are Spotify Family accounts, because then they
can sell “Premium Upgrades” using the empty slots on the family account.
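
Added example, not part of any comment in this thread: a sketch of how a service's defenders could spot the credential stuffing pattern described by graystevens and laken in login logs, and list the accounts that need a forced password reset. The log format, thresholds and function names are assumptions made for illustration; the log lines are constructed.

```python
from collections import defaultdict

# Constructed sample auth log (not real data): "timestamp source_ip username result"
SAMPLE_LOG = """\
2018-11-05T10:00:01Z 203.0.113.7 alice@example.com FAIL
2018-11-05T10:00:02Z 203.0.113.7 bob@example.com OK
2018-11-05T10:00:03Z 203.0.113.7 carol@example.com FAIL
2018-11-05T10:00:04Z 203.0.113.7 dave@example.com FAIL
2018-11-05T10:00:05Z 203.0.113.7 erin@example.com FAIL
2018-11-05T10:00:06Z 203.0.113.7 frank@example.com FAIL
2018-11-05T10:01:00Z 192.0.2.10 u1@example.com OK
2018-11-05T10:01:05Z 192.0.2.10 u2@example.com OK
2018-11-05T10:01:09Z 192.0.2.10 u3@example.com OK
2018-11-05T10:01:12Z 192.0.2.10 u4@example.com OK
2018-11-05T10:01:20Z 192.0.2.10 u5@example.com OK
2018-11-05T10:02:00Z 198.51.100.20 gina@example.com FAIL
2018-11-05T10:02:09Z 198.51.100.20 gina@example.com OK
"""

def parse(log):
    """Yield (ip, username, succeeded) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4:
            _, ip, user, result = parts
            yield ip, user, result == "OK"

def detect_stuffing(log, min_users=5, max_success_ratio=0.3):
    """Map each suspicious source IP to the accounts it logged in to.

    An IP is suspicious when it tried many distinct usernames and only a
    small share of them ever succeeded. A shared office NAT also shows many
    usernames, but nearly all succeed, so the ratio check leaves it alone.
    """
    tried, hit = defaultdict(set), defaultdict(set)
    for ip, user, ok in parse(log):
        tried[ip].add(user)
        if ok:
            hit[ip].add(user)
    return {
        ip: sorted(hit[ip])  # accounts to lock and force-reset
        for ip, users in tried.items()
        if len(users) >= min_users and len(hit[ip]) / len(users) <= max_success_ratio
    }

if __name__ == "__main__":
    print(detect_stuffing(SAMPLE_LOG))
```
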

------
to-too-two
Happened to me a few days ago. Thought it was just a fluke, but this confirms
that there definitely was a breach. Spotify should make a public announcement
about this.

I logged in the other day and all my playlists had been deleted and replaced
with one or two weirdly named ones. Changed my password, and it's been okay so
far.

------
gargravarr
Here's the paste:
[https://pastebin.com/ETdwyS48](https://pastebin.com/ETdwyS48)

Only ~30 entries but no reason to think it's not a snippet of a much larger
leak.

Email, Premium level (seems to be Premium accounts only?) and... >_<...
plaintext passwords.

------
throwaway413
Happened to me a couple weeks ago.

They messed with my playlists and added a bunch of Portuguese songs to my
library.

