print   email   Share

Spotify Breach: It's Time To Go To A Password Manager

Founded 14 years ago, the music streaming service Spotify now has 320 million users.

During the summer of 2020, hackers accessed at least 300,000 Spotify accounts, stealing login credentials, email addresses, and other user data. On July 3, 2020, vpnMentor discovered the records of 300,000 to 350,000 unique Spotify users in a database.

According to vpnMentor, the hackers were using the accounts to defraud Spotify and the users themselves. The organization stated that over the next three weeks, it helped Spotify identify the hackers that own the database, isolate the issue, and protect customers from further attacks. vpnMonitor said it implemented a "rolling reset" for compromised user passwords. Urian Buenconsejo "300,000 Spotify Users Hacked: Email Addresses, Logins, and Other Data Exposed" (Nov. 26, 2020).


Spotify recommended that users change their password to a stronger password, including on services and apps associated with their Spotify account. Users should also “sign out everywhere,” which is important to make sure unknown or unwanted devices are not signed into their account.

These are good steps to follow anytime you receive notification from an organization that your account may have been hacked. You should use unique, strong passwords on every account. However, if you do use the same password on other accounts as on the account that was accessed, you must immediately change those passwords as well to unique, strong passwords.

If you struggle remembering unique passwords for every account, use a password manager. It is better to take advantage of technological tools to help you remember passwords than to use the same password on every account because you think you can’t remember them all. Most password managers provide passwords that are more difficult to crack and keep all your passwords in one place.

Finally, your opinion is important to us. Please complete the opinion survey: