The same thing is happening to me. Someone is able to get access to my account and play random music without changing the password. Looks like this has happened to many others too. Could be some sort of an attack on Spotify through a security vulnerability.
Changed the password (Made it more complicated), logged out everywhere. Did everything mentioned. Issue still persists.
For the attacker to change my password - that person needs to know my current password.
For the attacker to click on forget password - that person needs access to my email to reset password. To change the email address on my profile to something else, that person needs my current password.
Looks like the attacker is using some other exposed security vulnerability. Hence only the recently played is filled with random songs for me and for a lot of other people complaining about this same issue.
Spotify : This issue still exists. Can you please help to resolve the same.