Another episode of leaked passwords is coming at you. This time, Spotify customers find themselves the victim of account breaches. TechCrunch reported about the list today, though they declined to link to the list in order to protect the victims.
Here’s what’s going on: the username and passwords for various Spotify users have gotten into the wrong hands, but according to Spotify it wasn’t due to a data breach. It’s possible the credentials were gathered through your typical phishing attempts.
It’s an annoying situation because Spotify is one of those services which allow you to completely change your email address, so regaining access to a breached account can be problematic if the attacker chooses to do it. Users have had to contact Spotify customer service because they were locked out of their own accounts and couldn’t get any verification email as a result.
Despite Spotify’s claims that no breach happened on their end, you should assume that your account is vulnerable and proceed to change your password if you’re still able to. A vast majority of the service’s users are likely unaffected, but it’s always better to be more safe than sorry. If you find some questionable behavior on your account or can’t log in then you’ll want to contact Spotify as soon as you can.