Sorry if this is the wrong sub.
I recently was a victim of a Spotify username+pw mass list leak on Pastebin.
The outcome of the breach has so far been a pain in the ass, but luckily I have not seen any loss of value.
Now I am trying to gather more knowledge of the incident and obviously make sure I can avoid this in the future.
I am usually very cautious regarding account security. I rarely use the same password twice and I use 2-step validation wherever it is applicable.
Here’s where it gets a bit strange; I don’t have Spotify installed on my computer. For the past year or so I have only accessed Spotify through my cellphone, and I always try to have Bluetooth turned off.
I suppose the information could have been gathered a long time ago, but it still seems strange.
My questions are, how are these lists usually generated? What could I do differently to avoid this in the future?
Edit: I have an iPhone and have not jailbroken it.