Once hackers get access to my Spotify account, they will change my regular Premium subscription to Premium For Family and add strangers to my plan.
I will be charged $5 extra each month!
Spotify does NOT require to enter my credit card number to change the subscription type, which leaves the risk to users.
It means hackers NOT ONLY have stolen Spotify accounts, but also have stolen stored payment method to pay for family plans.
But in France and the UK, Spotify requires to enter the credit card number to change the subscription type to a Family plan. (free Google home mini was the reason why Spotify start asking for re-enter credit card info, but the offer has ended, Spotify no longer ask for re-enter card info...)
Idea: Please ask users to re-enter card number when changing regular Premium to a Family plan. Just like what Spotify did in US/UK/FR markets when free Google Home minis were giving to family owners for free. So hacked users won't be charged unauthorized money when hackers upgrading their plans to the family plan using stored payment method.