A data dump has exposed the usernames and passwords of hundreds of Spotify Premium accountholders.
On Monday, users' login credentials began appearing on Pastebin, an online text storage and paste tool. A total of three separate dumps have occurred thus far, each compromising the email addresses and passwords belonging to users of the popular music streaming service.
In some cases, other personally identifiable information, including home country and account renewal dates, were also leaked.
Forbesreports that it has confirmed the legitimacy of the data dumps with 80 different affected individuals, 15 of whom confirmed that the exposed passwords were unique to their Spotify accounts.
"We monitor Pastebin and other sites regularly," a spokesperson for Spotify told Forbes. "When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords."
Whether Spotify actually contacted the affect customers remains unclear. According to those with whom Forbes spoke, many of the affected users contacted the company about their exposed accounts. When they did so, the music streaming service said that those accounts had not been compromised in any way.
That's not the only thing that is uncertain about this incident. The identities of those behind the data dumps are currently unknown, though two of the dumps were tweeted online by a user with the Twitter handle @hacked_emails.
It is also unclear how the account data was obtained and whether any payment card details were stolen in the process.
"They’re not going to post payment information for free when they can sell it," said one victim of the data dump. "This is like marketing showing they’re going to sell on the black market. Most hacks are for monetary gain, which is why they go for high-value services like Spotify Premium."
If you are a Spotify user, you should change your password immediately to be on the safe side. You should also monitor your credit card statements for suspicious activity. Any unfamiliar charges could be a sign that the hackers indeed made off with users' credit and debit card information