Last tuesday, for the second time in 1 year i believe, someone hacked into my spotify premium account and changed the email adress. For the second time, Spotify suggested this was a problem of mine (security issues). 

I have many accounts in different apps and websites (like everyone else), but this is the ONLY account i have ever been hacked.  Someone had access to my pasword (which is totally unbreakable and diferent from the one i use in other accounts). I have to say i NEVER enter my Spotify password on ANY device that isnt my own, so in all the time i had a premium account, i only haved logged into my personal cellphone and my ipad (which never leaves my house). my question is, how is it possible to just change the email linked to my account without ANY validation on Spotify side? shouldnt you ask at least that the original email confirm this is a valid action? or ask the uzer that is chancging the registered email to send a bank statement? how can Spotify just decide this fraud occured because of security issues of my devices and not take any responsability?