This is the third breach in the past few weeks for the world s most popular streaming service. Spotify says the exposure was due to a software vulnerability that existed from April 9 until Nov. 12 when it was corrected. The company urges users to update passwords for other accounts tied to the same email account. In late November, Spotify was on the receiving end of a rash of account takeovers following a credential-stuffing operation. In this type of attack, threat actors bet on people reusing passwords to gain access to a range of accounts.
Source: https://threatpost.com/spotify-changes-passwords-data-breach/162256/