Cyber Incident Victim: Spotify
Date:
Feb 2016
Location:
Sweden
Summary
A music streaming service experienced a data leak where hundreds of Premium account details, including email addresses, passwords, account types, and renewal dates, were exposed online by an unidentified hacker. The compromised credentials appeared in multiple data dumps posted to Pastebin and were promoted via a dedicated Twitter account, though payment information was not included. The company stated it routinely monitors such platforms, verifies leaked credentials, and notifies affected users to reset passwords—confirming this occurred in response to the incident while denying any system breach. This followed a similar credential leak months prior involving over a thousand accounts. The incident reflects broader trends where compromised streaming service logins are frequently traded on dark web markets at low prices, incentivizing large-scale credential theft by cybercriminals.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around February 15, 2016, an unknown hacker using the alias 'Drakia12' leaked hundreds of compromised Spotify Premium account credentials on Pastebin, a platform frequently used for sharing large data dumps. The exposed information included user email addresses, passwords, account types (Premium tier), and subscription renewal dates, but did not contain payment details such as credit card numbers. The leak was subsequently promoted on February 17 by the Twitter account @hacked_emails, which specialized in disseminating breached credentials. This incident represented at least the second major credential exposure affecting Spotify within four months, following a November 2015 breach that had compromised over a thousand accounts according to prior Newsweek reporting. The 2016 leak occurred despite Spotify's existing security monitoring practices and demonstrated continued criminal interest in streaming service credentials.
Spotify confirmed through a statement to IBTimes UK that its security team routinely monitored Pastebin and similar platforms for exposed credentials. Upon identifying the February 2016 data dump, the company verified the authenticity of the credentials and initiated password reset procedures for affected users. However, Spotify explicitly denied experiencing a direct system breach, characterizing the incident as part of ongoing credential compromise patterns rather than a new intrusion. At the time of initial media reporting, the company had not issued any public statements acknowledging the leak. Industry context provided by McAfee Labs' "The Hidden Data Economy" report indicated that streaming service accounts like Spotify were frequently traded on dark web markets, with individual accounts selling for as little as $0.55. This economic model incentivized bulk credential theft and resale operations targeting popular digital services.