Visit HaveIBeenPwned.com to see which specific data breach leaked your email and password.
Using automated software (bots), attackers "stuff" these thousands of combinations into the Spotify login page to see which ones work. SPOTIFY COMBOLIST.txt
If your credentials are in a SPOTIFY COMBOLIST.txt file, you may notice: Visit HaveIBeenPwned
These lists are rarely the result of a direct hack on Spotify itself. Instead, they are aggregated from historical data breaches of other websites (like LinkedIn, Adobe, or smaller forums). 2. How are they used? Instead, they are aggregated from historical data breaches
Once an attacker successfully logs into an account from a combolist, the account is usually handled in one of three ways:
Use a unique, complex password that is not used on any other site.
Accounts are used by automated bots to play specific songs repeatedly, artificially inflating play counts to generate royalty revenue for certain artists.