So, yeah. Other than stated, Spotify does not provide 2FA (shame on them!), so I use a strong password and since years nothing happened.
This early morning I got multiple mails that my account was logged in from Brazil, from the USA, from India, and some other countries. There were songs liked and playlists created so it wasn’t a malicious e-mail but some people actually were able to log on to my Spotify account.
I of course changed the password and logged out all accounts and checked allowed apps, etc. and everything looks fine.
But I wonder … was there something that happened recently? The common sites to check such things do not list my old Spotify password, and a quick web research does not bring anything up.
Any clue what could have happened here?
Is that account showing in haveibeenpwnd.com and if so, is the Spotify password the same as any of the sites showing in haveibeenpwnd
The mail address is shown for 3 data breaches. dailymotion 2016, Gravatar 2020, Myspace 2008. None of the passwords could possible match my Spotify password but I stopped using those services long before the breaches so I can’t tell 100%.