Thanks for the reply.  That was my first thought.  But the reason I searched my email was because I had in fact been locked out.  I looked closely as to where it was sending me before resetting the PW and once done, I could get back in.

My conculsion is that this is either extremly sophistaticated on the part of phishing or that Spotify presents a real problem.  I'm a System Adminstrator by trade so I am familiar with cyber security.  Of course, there is no way to contact them unless you can log in.  But, if one of my users forgot their PW the only recorse I have is to reset it, I can never, ever, see it.  Not in Linux, Windows, etc.  Much less be able to tell it was the same somewhere else.

I guess now I wait to hear from them or the other shoe fall. 

Jim

So why don't they state that?  Why the need to lie? Such a great service; but a message like this is unconscionable given security concerns these days.   Leaves one with very little trust. 

This clears nothing up and certainly adds to the concern.

"We proactively reset your password as a precaution because we found that another website or service, where you also use that password, was compromised."

 Can this be explained in some way that does not lead me to believe you have access to my password (in clear txt) on both your own systems and others?

"We monitor Pastebin and other sites regularly. When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords."

Again, exactly how do determine this unless you know what my password is?  I have never been to Pastebin and what exactly are "other sites"?

"We're afraid we can’t provide any further information about the status of your details on other services."

Well, given the red flags you have thrown up around this you darn well better provice some information.  

I specifically want an answer as to how you compared my password to anything without being able to read it.

Thank you,

Jim