Spotify is resetting the passwords of some of its users after major data breaches lead to loads of login credentials being dumped online. Don’t worry, Spotify hasn’t been hacked. But if you’re using the same password on every service, it’s probably a good idea to reset them.
This is a really smart move by Spotify, and a strategy that other services are starting to utilise. The easiest way for someone to break into any of your online accounts is by finding a password associated with your email in an online data dump. If you use the same password for every service, just one breach can enable a hacker to gain access to all of you accounts that use the same password. By analysing publicly available password dumps against their own user database, Spotify can reset the password of users found in the dump, thus making them safe from a hackers who might exploit people’s password reuse.
When reached by email, Spotify wouldn’t say what dump prompted them to issue some password resets. However, a huge Dropbox dump with over 60 million accounts from 2012 surfaced online yesterday, so that very well could be it.
One of the easiest ways to protect your online accounts is by using a unique password for every service. Spotify was proactive in protecting its users here, but you can’t trust that every service will do this for you.