The company has reportedly started a rolling reset of passwords for possibly over 300,000 of its users after the discovery of an open database containing more than 380 million records of user data, some of which were associated with Spotify. As a precaution, it would seem that Spotify has decided to reset the passwords of those affected just to play it safe.
The report comes from vpnMentor, which says that Spotify was the target of a possible credential stuffing operation. It should be noted that Spotify itself wasn’t breached or hacked. These user credentials could have been stolen from other places, and given that people love reusing the same password for different services, it would make sense for hackers to attempt to log in to various accounts using those same credentials in the hope that they work.
So if you log into Spotify and get a notification or an email that says your password has been reset, don’t be alarmed. It might be a good idea to double-check that Spotify is the one that sent you the email, and maybe log into your Spotify account directly instead of clicking on the link, just to be safe. It might also be a good time to consider using a password manager to help you generate strong passwords that are harder to guess.