I just noticed that someone else was using my Spotify and others were piggy-backing on my family plan. I logged out of all sessions and changed my password. I tried to find any info about any security breach on your sites but I couldn't find any. However, when I Googled my old password, I found a page from Jan 19 2019 with my email, password, info on subscription plan and country. The page is a thread in a forum with loads of accounts and passwords. I'm not going to post the link here for obvious reasons though. Why haven't we been notified about this breach?