Spotify account hacked: playlists, Facebook login, and billing
A hacked Spotify account is often not an isolated incident but a sign that your login credentials have been leaked or reused. If Spotify was compromised, there's a high chance the same password is used on other accounts—email, social media, or even banking.
Spotify is often one of the first accounts to show that your credentials are already circulating online.
Typical attack patterns
Leaked passwords, credential stuffing, and shared family invites are the typical routes in. Attackers may also piggyback on someone else’s Facebook session.
If you can log in
Use “Sign out everywhere,” rotate your password, remove unknown offline devices, and review connected Facebook/Google/Apple logins. Confirm your subscription tier and invoices.
Billing fraud
If the payment method was changed or the plan was upgraded, contact Spotify support through the app and notify your card issuer about the unauthorised charges.
If you use Facebook login
Secure Facebook first—password, sessions, 2FA—then update Spotify to a dedicated password if possible.
Prevention
Use a unique password, enable 2FA on email and Facebook, and be cautious with “free Premium” phishing DMs.
When it is more than Spotify
The same email breach may hit Steam or shopping sites. Run through your broader account security.
Spotify hacked—is it the only account?
If your Spotify account was compromised, it's worth checking other accounts too—it may be a sign of a broader credential leak.
Frequently asked questions
- Why do playlists keep changing?
  Another session is likely active. Sign out everywhere and change passwords.
- Can I see device history?
  Spotify shows active devices in the app; remove anything unfamiliar.
- Does Spotify support SMS 2FA?
  Options evolve by region—enable every security feature visible in your account page.
- Someone invited themselves to the Family plan?
  Remove members, change your password, and check whether your email was compromised.
- Should I delete the account?
  Usually recover the account first to keep your listening history and handle refunds properly.