So, yeah. Other than stated, Spotify does not provide 2FA (shame on them!), so I use a strong password and since years nothing happened.

This early morning I got multiple mails that my account was logged in from Brazil, from the USA, from India, and some other countries. There were songs liked and playlists created so it wasn’t a malicious e-mail but some people actually were able to log on to my Spotify account.

I of course changed the password and logged out all accounts and checked allowed apps, etc. and everything looks fine.

But I wonder … was there something that happened recently? The common sites to check such things do not list my old Spotify password, and a quick web research does not bring anything up.

Any clue what could have happened here?

  • kowcop
    link
    fedilink
    English
    arrow-up
    2
    ·
    10 months ago

    Is that account showing in haveibeenpwnd.com and if so, is the Spotify password the same as any of the sites showing in haveibeenpwnd

    • 𝘋𝘪𝘳𝘬@lemmy.mlOP
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      10 months ago

      The mail address is shown for 3 data breaches. dailymotion 2016, Gravatar 2020, Myspace 2008. None of the passwords could possible match my Spotify password but I stopped using those services long before the breaches so I can’t tell 100%.