Some Spotify users received an email saying that their password had been reset due to “suspicious activity” within the platform, according to TechCrunch. The company didn’t elaborate further on the security issues it uncovered.
“As part of our ongoing maintenance efforts to combat fraudulent activity on our service, we recently shared a communication with select users to reset their passwords as a precaution,” Spotify spokesperson Peter Collins told TechCrunch.
“As a best practice, we strongly recommend users not to use the same credentials across different services to protect themselves,” Collins said, implying that the activity was a stuffing attack.
However, some users claimed to have been using strong, unique passwords across different websites, with one being unique to Spotify. If that’s true, then Spotify could have suffered a breach.
TechCrunch noted that two users who commented on this thread said their passwords were unique to their Spotify account, “casting doubt on the veracity of a credential stuffing attack."