Why Spotify Just Forced Some People to Reset Their Passwords

Spotify is resetting the passwords of some of its users after major data breaches led to loads of login credentials being dumped online. Don’t worry, Spotify hasn’t been hacked. But if you’re using the same password on every service, it’s probably a good idea to reset them.

This is a really smart move by Spotify, and a strategy that other services are starting to utilize. The easiest way for someone to break into any of your online accounts is by finding a password associated with your email in an online data dump. If you use the same password for every service, just one breach can enable a hacker to gain access to all of your accounts that use the same password. By analyzing publicly available password dumps against their own user database, Spotify can reset the passwords of users found in the dump, thus making them safe from hackers who might exploit people’s password reuse.
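A sketch of the dump-against-user-database check described above, added here as an example and not Spotify's code. It assumes a dump of `email:password` lines and a user store holding salted PBKDF2 hashes; every name and all sample data are constructed.

```python
import hashlib
import hmac
import os

def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; iteration count kept low so the example runs quickly
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 10_000)

def make_user(password: str) -> dict:
    # Hypothetical user record: per-user salt, password hash, reset flag
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "force_reset": False}

def parse_dump(lines):
    """Yield (email, password) from 'email:password' lines, skipping malformed ones."""
    for line in lines:
        # Split on the first colon only, so passwords containing ':' survive
        email, sep, password = line.strip().partition(":")
        if sep and email and password:
            yield email.lower(), password

def flag_reused_credentials(users: dict, dump_lines) -> list:
    """Mark accounts whose current password appears in the dump; return their emails."""
    flagged = []
    for email, leaked in parse_dump(dump_lines):
        record = users.get(email)
        if record is None or record["force_reset"]:
            continue  # not our user, or already flagged
        # Re-hash the leaked password with this user's salt and compare in constant time
        candidate = hash_password(leaked, record["salt"])
        if hmac.compare_digest(candidate, record["hash"]):
            record["force_reset"] = True
            flagged.append(email)
    return flagged

# Constructed sample data: only bob reused the password found in the dump
USERS = {
    "alice@example.com": make_user("correct horse battery"),
    "bob@example.com": make_user("hunter2"),
    "carol@example.com": make_user("unique-to-this-service"),
}
DUMP = [
    "Bob@Example.com:hunter2",
    "alice@example.com:oldpassword1",
    "dave@example.com:letmein",
    "malformed line without separator",
]

if __name__ == "__main__":
    print(flag_reused_credentials(USERS, DUMP))
```

Only accounts whose current password actually matches a leaked one are flagged, so users who appear in the dump with a different password are not forced through a reset.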


When reached by email, Spotify wouldn’t say what dump prompted them to issue some password resets. However, a huge Dropbox dump with over 60 million accounts from 2012 surfaced online yesterday, so that very well could be it.

One of the easiest ways to protect your online accounts is by using a unique password for every service. Spotify was proactive in protecting its users here, but you can’t trust that every service will do this for you.



About the author

William Turton

Staff Writer, Gizmodo | Send me tips: william.turton@gizmodo.com

PGP Fingerprint: 88DF AB75 FAFC 1D10 4C45 A875 CA45 ABE6 B08D 8E52
OTR Fingerprint: 47F02E79 399AB8FA CC2A4DEF 4573B25F 18AB41D2