Account Hacked

So I woke up this morning and noticed I had a new login notice in my email. Someone logged into my Spotify from the Middle East and I live on the West Coast. They had changed the password and email address on the account. I was able to solve the problem easily with Spotify support. But how does this even happen? I only log in to Spotify from two devices. I verified my Gmail account is secure, which has 2-factor authentication on it. How does someone just randomly breach a Spotify account?


I figured I would add this in just in case someone is reading an old Reddit post in the future. If you read the comments, a common thought was that my account had a shared password with another account of mine that was compromised. I can verify that it had a unique password at the time of the break-in. I also followed a commenter's advice and checked my email at : My email had been involved in a number of data breaches. I also found this old Reddit thread from a guy who used to crack Spotify accounts:

I'm guessing my email was found by a hacker from one of the many data breaches it was involved in. Since Spotify makes your email address your username, all they would have to do after that is discern that my email was linked to a Spotify account and run a brute force attack, and then they're in. My password wasn't anything earth-shatteringly secure. I'm guessing there's some automated way a person could check what emails are attached to Spotify accounts.

To secure my account, I put a new email address AND password on it. An email address that has never been pwned and never used in a data breach. That way they can't simply try to brute force my new password just like the old one.