I understand how you guys feel about your accounts being part of a security breach. Spotify can assure you, as mentioned in this support article stating: 'We can assure you that our platform and user records are totally secure. Account takeovers usually happen because of a breach on another service. If you use the same password for several services, they all have the potential to be compromised if one has a security breach'.
I'd recommend checking out this guide for some more steps on protecting your account so that only you have access to it.
I hope this helps! If you need help with anything else, feel free to start a new thread and the community will be happy to help :)
Billy-JRock Star 16
Help others find this answer and click "Accept as Solution".
If you appreciate my answer, maybe give me a Like.
This week someone also logged into my account, changed password and all of my playlists! I was mad because i've been working on my playlist for ages haha. But isn't there like an 2auth stuff? So your account is more protected.
@matthewmotamedi - My account was compromised as well. Was listening to Spotify on my laptop this morning when I got notification that my music was playing on some device that I do not own. HaveIBeenPwned indicated that my e-mail address was found in a 3 day old pastebin (removed already) which contained 366 other e-mail addresses. I was able to find a hacking forum which listed the raw contents of the pastebin and sure enough, my Spotify credentials are listed.
Since it wasn't the same one you listed, I wonder if they've compromised thousands of accounts and are only releasing the login credentials little by little so that they don't arouse suspicion?
Got an email in French saying my account email and password had been changed. Had to reset my account. then this week I get a notification from "have i been pwned" saying that my spotify account details have been posted in a pastebin, as with the other users on this thread.
I am frustrated by Spotify's lack of announcement on this, and lack of apology or information on what happened.
Surely sign in security could be increased if there is a known issue going back months as on this thread. just add a step to get email address and password address change verified via users email.
I have logged a support chat asking for full explanation of how my data was lost.
Same here. I was trying to listen to music when only the free option was only available to me. I have a family premium account. When I logged in I can see my wifes names was listed twice. One with her email address and the other with zasad89@**bleep**.com. Reset all my passwords and all user accounts passwords.
2 days later which is today I have got another bogus account wiht my name and the email address was elafifaco-7792@**bleep**.com.
Both accounts were **bleep**.com. Been throguh the spotify support chat where the guys just reset my password again which I did 2 days ago and hope for the best.
My premium got hijacked late August/early September! I knew things were weird (where the f*** are these playlists coming from?!) but didn't realize what was happening until October 2 when they changed switched me to a family plan! Spotify's customer service handled it totally great when I called, and I appreciate that. I was baffled at the time as to how it happened BUT THEN THIS WEEK I google my email to see what comes up and in the first two pages was a dump of spotify usernames and passwords!! There was my email and my password, in plain text! The page isn't even sneaky about what it is! It's a whole bunch of spotify logins! If there was a breach and they said nothind that's pretty shitty.
Spotofy is in breach of the General Data Protection Act by not taking steps to notified those concered of the hack.
Article 34(1) states:
The GDPR states that communication of a breach to individuals should be made “without undue delay,” which means as soon as possible. The main objective of notification to individuals is to provide specific information about steps they should take to protect themselves.