Spotify is giving away a free Google Home Mini to any account with the family plan. That’s pretty neat. And they are doing it for new and existing users, which is great because it doesn’t make the mistake of punishing existing customers in the pursuit of acquisition.

It makes sense for Spotify – get folks to upgrade from the $10 personal plan to the $15 family plan. It makes sense for Google – they are throwing tons of money at becoming the smart speaker/display platform in your home. (Aside: I have a half-written blog post about why I switched from Alexa to Google Home, but the tl;dr is that being able to Chromecast Spotify was the deciding factor.)

There’s no catch – a Google Home Mini ostensibly costs $50 and you get it for $0. So what’s the downside?

A person at my coworking space just posted this in Slack:

> Last night someone got into my Spotify account to upgrade it to a Family Plan to take advantage of a promotion for a free Google Home Mini. I was able to cancel that upgrade (and got the free Home Mini too!), but definitely keep your eyes peeled for any unauthorized access.

That brought up other stories about Spotify getting hacked, something that seems to happen with anecdotal regularity. Now there’s a financial incentive for the hacker: they can score a free Google Home that they can turn around and re-sell. You start paying $5 more per month so that hacker can re-sell your smart speaker.

As always, there are 2 things you should be doing to keep all your accounts safe:

  1. Use a unique password for every site, which means using a password manager. If you are all-in on Apple, iCloud Keychain does a decent job, and Mozilla is making inroads here too.
    Yes, it’s a pain to get started and change your passwords, but you absolutely need to be doing this. Hackers have databases of passwords from so, so many sites. Seriously, click that link and look at all the sites that have been hacked. I guarantee you use at least one of those sites. The hackers will try your password from those sites on other sites, and if you reuse your passwords, you will get hacked. How sure are you that you don’t reuse that hacked password?
  2. Use two-factor authentication (2FA) wherever you can, preferably with an app instead of SMS. Sadly, Spotify doesn’t support 2FA, which is probably why lots of folks have stories about them getting hacked.

If you do these 2 things, you will be miles ahead of most people.
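
To answer the "how sure are you?" question from point 1, here is an added example (not part of the original post): a short Python script that audits a password manager CSV export for reuse and lists which other accounts are exposed if one site's password leaks. The column names and the sample rows are constructed assumptions; real exports differ by product.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export. The column names are an assumption;
# adjust them to match the CSV your password manager produces.
SAMPLE_EXPORT = """name,url,username,password
Spotify,https://accounts.spotify.com,me@example.com,Summer2018!
Old Forum,https://forum.example.net,me@example.com,Summer2018!
Bank,https://bank.example.org,me@example.com,k3#Vq9!zLp0w
Photo Site,https://photos.example.com,me@example.com,Summer2018!
Email,https://mail.example.com,me@example.com,T7$hd82@xcQm
"""

def load_entries(csv_text):
    """Parse the export into a list of dicts, skipping rows with no password."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return [row for row in reader if row.get("password")]

def reuse_groups(entries):
    """Map a short password fingerprint to the sites sharing that password."""
    groups = defaultdict(list)
    for e in entries:
        # Fingerprint with SHA-256 so the report never shows the password itself.
        fp = hashlib.sha256(e["password"].encode("utf-8")).hexdigest()[:12]
        groups[fp].append(e["name"])
    # Only passwords used on more than one site are a reuse problem.
    return {fp: sorted(names) for fp, names in groups.items() if len(names) > 1}

def exposed_by_breach(entries, breached_site):
    """Sites that share a password with breached_site and fall with it."""
    leaked = {e["password"] for e in entries if e["name"] == breached_site}
    return sorted(e["name"] for e in entries
                  if e["password"] in leaked and e["name"] != breached_site)

if __name__ == "__main__":
    entries = load_entries(SAMPLE_EXPORT)
    for fp, names in reuse_groups(entries).items():
        print(f"password {fp} is reused on: {', '.join(names)}")
    print("If 'Old Forum' is breached, change:",
          exposed_by_breach(entries, "Old Forum"))
```

Delete the exported CSV once you have the report, since it holds every password in plaintext.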
