Hacker News new | past | comments | ask | show | jobs | submit login

I received a 'Reset your Spotify password' email yesterday, sent to a unique email address I use only for Spotify. (And it's not of the commonly-used user+spotify@domain.com format.)

The only ways I can imagine someone would get that email address are:

A) From Spotify (i.e. breach)

B) From Google (as I linked my Spotify account to Google Home, which presumably shares the registered email address)

C) From some poor security practice on my part (e.g. maybe I entered the email address on a phishing site, or have malware on one of my devices, or someone has access to my email, ...)

D) Guessing it.

I had presumed C or D, but given the timing of your post, I'm now not so sure...

Applications are open for YC Summer 2021

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact