Approximately 3,164 Spotify customer accounts were hacked and leaked online between November 5th and November 7th, 2018. “Argentina GhostHack” and a hacker going by the name of “Grinch Vyse” have claimed responsibility for the breaches, posting email addresses and login credentials tied to Spotify customer accounts online earlier this week. It should be noted that Argentina GhostHack is responsible for the majority of the accounts exposed this week, releasing 2,867 (91%) of the leaked material online.
To confirm the legitimacy of the leaks, Rogue Security Labs reached out to Spotify for comment and was told, “We’ve passed this on to the right folks to take a closer look backstage,” with Spotify also thanking me for bringing the leak to their attention. It is unknown whether the breached accounts were tied to the October 2018 Facebook hack, which affected over 50 million Facebook users worldwide and incidentally compromised other third-party services attached to the social network, such as Spotify, Tinder and Instagram. Investigations are still ongoing.
For the time being, if you are a Spotify customer, you are advised to change your account password immediately. Additionally, if you use the same root password for your Spotify account as you do for your personal email, you are advised to change that as well.
** Due to the number of civilian customers exposed in the breach, Rogue Security Labs has declined to share the leaks publicly **