Spotify confirmed that it has reset the passwords of an undetermined number of users, but has not given a concrete explanation of its reasons for doing so.
Some Spotify users reported receiving emails saying that their password had been reset due to “suspicious activity,” but the emails from the music streaming giant gave no further explanation of possible security issues.
“As part of our ongoing maintenance efforts to combat fraudulent activity on our service, we recently shared a communication with select users to reset their passwords as a precaution. As a best practice, we strongly recommend users not to use the same credentials across different services to protect themselves,” Spotify spokesperson Peter Collins told TechCrunch.
As a result of this statement, some have speculated that the threat could have been a brute-force credential stuffing attack, in which hackers take credentials from other breached websites and try them on Spotify.
However, some Spotify users claim that their Spotify password was unique to their Spotify account – which makes this form of attack unlikely.
Spotify did not respond to follow-up questions from TechCrunch on the matter.