It’s time to change your Spotify password.
A data dump of hundreds Spotify usernames, passwords and other personal user details has surfaced online in what points at a security breach.
The list, which was posted to website Pastebin, highlights — in addition to personal information — the type of user account compromised, such as one with a family or premium subscription.
While the streaming service denies a hack has occurred, TechCrunch confirmed with some of the users on the list that their log-in credentials were indeed legit. Spotify suffered a data breach back in 2014, but it appears the accounts were compromised in the past few days.
@SpotifyCares My Spotify account was hacked and the email was changed to someone else’s. How do I get it back?
— Bill Xiong (@Bill_Xiong) April 20, 2016
According to the report, some Spotify users discovered their passwords and email addresses attached to accounts were recently changed without authorization. Others spotted new songs saved to playlists they didn’t manually add.
Despite users reporting shady activity, Spotify told Mashable it denies it is a part of a large-scale hack.
“Spotify has not been hacked and our user records are secure. We monitor Pastebin and other sites regularly. When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords.”
The company added it is currently looking into the data dump to see if it is authentic.
It’s unknown as of now if third-party log-in platforms such as Facebook were affected, but some users noted other accounts were hacked due to re-using the same password in more than one place. It’s a good reminder to never use the same password twice.