As many as 100,000 Spotify customers could face account takeover in latest credential-stuffing attack. Spotify forced password resets for impacted users. Back in November, hundreds of thousands of Spotify users were targeted by a malicious third party. Credential-stuffing attacks have been used by companies including the North Face, Dunkin Donuts and Nando s in the past three months. Users should enable multi-factor authentication (MFA) on their Spotify accounts and avoid using more than once passwords.
Source: https://threatpost.com/spotify-credential-stuffing-cyberattack/163672/