The recent security breach involving access tokens would not apply here, for example, because they were access tokens for Facebook, not for linked apps. It would be a security breach that resulted in that (access tokens compromised), rather than the oft-reported privacy breaches (profile data compromised), but yes.
> Does a Facebook breach let the attackers get into your Spotify account? When I later saw the price of hacked Spotify accounts, I thought it was a great value! This intruder was basically able to free-ride on our plan and force her our of her own account. She registered a new account and added it to the plan. To make things worse, she was the one who started our family-plan, and their customer support was unable to simply migrate the plan to her new account. Sorry! They advised her to create a new account and they would gift it with some duration of premium access. We emailed Spotify about this as it was happening and there was no way to lock this person out. She had to basically listen to what they were listening to, it was a bit comical. My friend had her password guessed (you can buy hundreds of hacked premium Spotify accounts online for <$1/each) and was powerless against the person who had been using her account. Changing your password doesn't invalidate other sessions.
Another bizarre Spotify #wontfix is how you have (or at least had, this was two years ago) no recourse against someone with access to your account.
