The only ways I can imagine someone would get that email address are:
A) From Spotify (i.e. breach)
B) From Google (as I linked my Spotify account to Google Home, which presumably shares the registered email address)
C) From some poor security practice on my part (e.g. maybe I entered the email address on a phishing site, or have malware on one of my devices, or someone has access to my email, ...)
D) Guessing it.
I had presumed C or D, but given the timing of your post, I'm now not so sure...