So, yeah. Other than stated, Spotify does not provide 2FA (shame on them!), so I use a strong password and since years nothing happened.

This early morning I got multiple mails that my account was logged in from Brazil, from the USA, from India, and some other countries. There were songs liked and playlists created so it wasn’t a malicious e-mail but some people actually were able to log on to my Spotify account.

I of course changed the password and logged out all accounts and checked allowed apps, etc. and everything looks fine.

But I wonder … was there something that happened recently? The common sites to check such things do not list my old Spotify password, and a quick web research does not bring anything up.

Any clue what could have happened here?

  • EmperorHenry@infosec.pub
    link
    fedilink
    arrow-up
    1
    ·
    10 months ago

    Regardless of what corporation it is. Always assume they got hacked.

    Unless of course all their users’ data is end to end encrypted, all with unique keys.

    if a company like that gets hacked then it’s like an intruder in an apartment complex, you got through the first door, now you need to break into each account one at a time.