
Ask HN: What happened to trigger my Spotify password reset?

10 points| philshem | 6 years ago | reply

Got this email today

> To protect your Spotify account, we've reset your password due to detected suspicious activity.

Haven’t used it recently or logged in to any new device. Leads me to suspect a data breach.

14 comments

[+] TadaScientist|6 years ago|reply
I had a similar issue not long ago. I went in and really changed it into a massive 50 character pw.

My Spotify account was hijacked in 2017 and I managed to get it back - someone from Tunisia - he had the audacity to start creating playlists full of autotune rappers. I wouldn't mind sharing but man his taste in music was awful.

[+] IpV8|6 years ago|reply
Same thing happened to me, right around the same time. Also my hijacker shared a similar taste in music to yours! Spotify denied that they had any database breaches, but I only use that password for Spotify so I find that highly unlikely.
[+] Benjmhart|6 years ago|reply
Was there some kind of big breach in 2017? My account wasn't even pro! I just logged into my account after a couple months and someone else was using it!
[+] philshem|6 years ago|reply
Interesting. A couple months ago I did have some weird thing where some song I never heard of kept playing and starting again when I chose my own song. My account is a free one, and limited to one concurrent player, so I see no need to “share”
[+] rahimnathwani|6 years ago|reply
I received a 'Reset your Spotify password' email yesterday, sent to a unique email address I use only for Spotify. (And it's not of the commonly-used [email protected] format.)

The only ways I can imagine someone would get that email address are:

A) From Spotify (i.e. breach)

B) From Google (as I linked my Spotify account to Google Home, which presumably shares the registered email address)

C) From some poor security practice on my part (e.g. maybe I entered the email address on a phishing site, or have malware on one of my devices, or someone has access to my email, ...)

D) Guessing it.

I had presumed C or D, but given the timing of your post, I'm now not so sure...

[+] arcboii92|6 years ago|reply
Maybe Spotify downloaded a data breach and ran it against their db to force better password practices? My user/default password plaintext combo from when I was 15 was leaked in some EA hack a long time ago. That caused such a headache that I stopped using the same thing everywhere except free services. This initially included Spotify. Then I upgraded to premium, and about a month later someone was trying to kick me out of my account (listening from their device) and kept playing weird music. Now everything has its own password. EVERYTHING.
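
The mechanism speculated about in the comment above (running a leaked credential list against stored password hashes and forcing a reset on every match), as an added example that is not part of the thread and is not Spotify's code. The PBKDF2 parameters, the record layout and all sample accounts and leaked pairs are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this demo


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored verifier from a password and a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user(password: str) -> dict:
    """Build a stored record: random salt plus derived hash, no plaintext."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "force_reset": False}


def screen_leaked_combos(users: dict, leaked: list) -> list:
    """Flag accounts whose current password matches a leaked email/password pair."""
    flagged = set()
    for email, leaked_password in leaked:
        key = email.strip().lower()  # combo lists vary in case and whitespace
        record = users.get(key)
        if record is None:
            continue  # leaked address is not one of our accounts
        # Salted hashes cannot be compared in bulk: re-derive per account.
        candidate = hash_password(leaked_password, record["salt"])
        if hmac.compare_digest(candidate, record["hash"]):
            record["force_reset"] = True  # password is live and publicly known
            flagged.add(key)
    return sorted(flagged)


# Constructed sample data: three accounts and a made-up combo list.
USERS = {
    "alice@example.com": make_user("hunter2"),
    "bob@example.com": make_user("unique-to-this-service-9f3k"),
    "carol@example.com": make_user("Summer2015!"),
}
LEAKED = [
    ("Alice@example.com", "hunter2"),       # reused password, still current
    ("bob@example.com", "old-forum-pass"),  # leaked elsewhere, not used here
    ("dave@example.com", "letmein"),        # not a customer
    ("carol@example.com", "Summer2015!"),   # reused password, still current
]

if __name__ == "__main__":
    print(screen_leaked_combos(USERS, LEAKED))
```

A check of this kind only flags accounts whose current password appears in the leaked list next to the same email address; an account with a password used nowhere else is not matched by it.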
[+] majormunky|6 years ago|reply
I had the same message a few days ago. I have family premium, so, I checked the family invites, and, there were 3 unknown invites that I hadn’t seen before (they hadn’t accepted them yet though). It seems odd that I wouldn’t get an email saying that a family invite was sent out.
[+] philshem|6 years ago|reply
Netflix has a great service of showing where the account was logged-in from. Spotify would benefit from the same.
[+] psilocybergirl|6 years ago|reply
I used a password for Spotify I used nowhere else...and yes...lots of music and artists and albums are being deepfaked...it's kinda fun..it doesn't seem to be malicious in my case but perhaps it is...but yeah...artists all of a sudden everywhere resemble my ex-boyfriend...hmmm ....some songs are actually delivering beautiful and insightful messages seemed to be tailored towards me too