Spotify Resets Some User Account Passwords Due to 'Suspicious Activity'
On Thursday (May 23), a number of Spotify users reported receiving an email from the streaming service about "suspicious activity" on their accounts, and which notified them their passwords were reset. No further details were given at press time.
When reached for comment by Billboard, a Spotify spokesperson said, "As part of our ongoing maintenance efforts to combat fraudulent activity on our service, we recently shared a communication with select users to reset their passwords as a precaution. As a best practice, we strongly recommend users not to use the same credentials across different services to protect themselves."
As TechCrunch points out, this may be an example of a "credential stuffing attack," in which hackers scrape usernames and passwords from other hacked sites and try to use them to get into other sites. Recently security breaches include Facebook, which "unintentionally uploaded" 1.5 million users' email addresses without their consent, and Singapore's Health Sciences Authority, which compromised the personal information of 808,000 blood donors that somehow wound up on the Internet.
This is the third time Spotify has sent me an email about “suspicious activity” and I can only hope that whoever’s trying to get into my account changed the card information because i can’t afford this months lol— em (@emrwise) May 23, 2019
Huh. Unexpected email from Spotify due to some "suspicious activity". My password is randomly generated and long so makes me wonder what happened there.— Al (@x00) May 23, 2019
I randomly listened to country music for like one day just to give it a chance and Spotify is making me reset my password due to “suspicious activity” ------— Luke Washburn (@LukeWashburn) May 23, 2019