Spotify Reset Some Users' Account Passwords Because Of 'Suspicious Activity'
Photo Credit: London, UK - July 31, 2018: The buttons of the music streaming app Spotify, surrounded by Podcasts, Apple Music, Facebook and other apps on the screen of an iPhone.

Spotify Reset Some Users' Account Passwords Because Of 'Suspicious Activity'

Vanessa Taylor

Vanessa Taylor. May 24, 2019.

A music-streaming site is probably one of the last places you’d expect hackers to hit. Sadly, you may have expected wrong. On Thursday, Spotify notified an unspecified amount of users that the company reset their passwords — but didn’t clarify why.

The most detail Spotify gave users were telling them that their passwords were reset “due to detected suspicious activity,” as TechCrunch reported.

Some Spotify users took to Twitter to express their confusion.

“Huh. Unexpected email from Spotify due to some ‘suspicious activity’. My password is randomly generated and long so makes me wonder what happened there,” one user tweeted.

Although Spotify didn’t elaborate on what’s happening, it’s possible that this is an example of a “credential stuffing attack.” That’s where hackers scrape lists of usernames and passwords from hacked sites. Then, they use that information to get into other sites.

“As part of our ongoing maintenance efforts to combat fraudulent activity on our services, we recently shared a communication with select users to reset their passwords as a precaution. As a best practice, we strongly recommend users not to use the same credentials across different services to protect themselves,” a Spotify spokesperson told Billboard.

See other reactions below: