Forbes reported on Friday that it had verified that the account details of at least 80 paying customers using Spotify's Premium service had been published on Pastebin, a code-sharing web app. But it said that “hundreds” were understood to have been affected.
However, Spotify denied that it had been the victim of a hacking attack.
“Spotify has not been hacked. We monitor Pastebin and other sites regularly. When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords. That is what happened this week,” a spokesperson told The Local.
But Forbes claimed that 15 different users had confirmed to them that their leaked passwords were unique to Spotify, the majority of whom said they had not been contacted by the Swedish streaming service.
It remained unclear on Friday who was responsible for the alleged leak.
One online post, which was later removed, sharing some of the account details contained the signature “this shit is leaked by yours truly [sic] Internet Protocols”, reported Forbes.
Spotify, founded in Stockholm by Swede Daniel Ek in 2008, boasts more than 75 million active users worldwide, with more than 20 million paying subscribers, in some 60 countries.
It has yet to produce annual profits but in 2014 boasted sales of more than a billion euros ($1.1 billion) and is by far the largest company in the growing industry of streaming, which allows subscribers access to unlimited amounts of music on demand.
The sector has grown rapidly as sales of CDs have declined. Revenue from streaming has overtaken that from downloads in 37 countries around the world, according to the IFPI recording industry body.
In November Spotify was the target of another apparent hack, with over one thousand email addresses and passwords leaked, reported Newsweek at the time.
You can find out if your account has been compromised on website haveibeenpwned.com.