Spotify users may be singing a new tune soon, after hundreds of account credentials have been leaked online. Personal details such as email addresses and passwords have been posted to the website Pastebin, and includes users from all over the world.

In spite of this leak, TechCrunch reports that Spotify is denying a hack or any theft of user records. Yet the account details are very specific to Spotify, including information such as account type and subscription renewals.

Users are also reporting account breaches, following indications such as saved songs the account owner has never listened to, or being forced to log out and discovering that their account email was changed.

Victims are working with Spotify customer service to regain their account access, but they were not contacted by Spotify nor were their passwords proactively reset. A spokesperson from Spotify has mentioned that the company’s policy is to verify the credentials then notify affected users in the cases of such a breach, but in spite of the ongoing incidents of unauthorized account access, the company still seems to deny there was a hack to begin with.

It is also possible, as noted by TechCrunch, that the current leak could connected to a previous data breach. Spotify has been hacked before, and while that issue was addressed, it is very possible that not every user affected changed their personal information, hence a slew of new reports of unauthorized access based off old information.

Your info’s online – now what?

If you are a Spotify user, it’s possible that your information was included on this list. In such a case, there are a few steps you should take. First and foremost: change your password. Also, if the passwords of any other websites that use the same name, email address, or any other information that can be connected to your Spotify account are the same as your Spotify password, change those too.

Security expert Bruce Schneier recommends a smart password, using a mnemonic or a phrase you can easily remember to draw passwords from, and to use a different password for every site. Avoid the temptation of using the same or similar passwords on everything for the sake of remembering them more easily. Don’t just add another number to the end, change it to something entirely new.

Those with paid accounts should set up credit monitoring immediately. Time Money recommends setting up two-step verification on all sites that involve monetary transaction, and keeping an eye on one’s accounts to catch suspicious activity.

Hopefully Spotify will address the issue soon, and we’ll learn how the information was acquired. Until then, Spotify users should make sure to take precautions and protect their accounts.

photo credit: Spotify (House) via photopin (license)