The leaked user information is appearing on the website and code repository Pastebin. Spotify tells TechCrunch it "has not been hacked," which suggests that the user data was accessed as part of an earlier attack—like the one Spotify reported in May of 2014… or the one Spotify reported last November… or the one users reported last February… (Are you sensing a pattern here?)
However, TechCrunch spoke to a number of compromised account holders who claim they've noticed suspicious activity pop up in just the past few days, suggesting this could be a new hack.
In any case, now is probably a good time—if you haven't already—to change your Spotify password. DH