If you’re one of the millions of people around the world who count themselves as Spotify users, we have some troubling news: it looks like Spotify recently suffered a security breach. A list containing hundreds of sets of account credentials was published late last week to popular anonymous text file sharing site Pastebin, and several of the accounts have been confirmed to be real. What’s more, users named in the leak are already reporting that their accounts were indeed breached.

The news comes from TechCrunch, which says it has directly confirmed that a number of accounts mentioned in the leaked document were indeed breached. The tech site contacted several email addresses contained within the leaked file, and it confirmed that a number of people who replied had indeed had their accounts compromised.

“I suspected my account had been hacked last week as I saw ‘recently played’ songs that I’d never listened to, so I changed my password and logged out of all devices,” one victim said. Another said he had found tracks added to his saved songs that he hadn’t saved himself.

Unfortunately, it looks like some users have already been locked out of Spotify when unknown users changed the usernames and passwords tied to their accounts.

Curiously, Spotify flat-out denied the possibility that it has been hacked in a statement to TechCrunch. “Spotify has not been hacked and our user records are secure,” a company spokesperson said. “We monitor Pastebin and other sites regularly. When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords.”

Want our advice? Change your Spotify password as soon as possible, just in case. It certainly appears as though this breach is the real deal and it’s unclear if additional account credentials will be released in the future.