> Does a Facebook breach let the attackers get into your Spotify account?
It would be a security breach that resulted in that (access tokens compromised), rather than the oft-reported privacy breaches (profile data compromised), but yes. The recent security breach involving access tokens would not apply here, for example, because they were access tokens for Facebook, not for linked apps.
> Does it leak the existence of your Spotify account?
> Is there personal information from your Spotify account that can be gotten via a Facebook breach?
If Facebook issued an invalid access token that authorized an attacker to use your Spotify account, they would be able to see anything you can see in your Spotify account. If your profile data was leaked, anything Spotify published to your Facebook profile might be accessible.
"Spotify" is a stand-in for any SSO app, and "Facebook" is a stand-in for any SSO provider, of course. There's nothing special about Spotify and Facebook here, it might as easily be FarmVille and Google.
It would be a security breach that resulted in that (access tokens compromised), rather than the oft-reported privacy breaches (profile data compromised), but yes. The recent security breach involving access tokens would not apply here, for example, because they were access tokens for Facebook, not for linked apps.
> Does it leak the existence of your Spotify account?
Yes, see https://www.facebook.com/settings?tab=applications and search for Spotify.
> Is there personal information from your Spotify account that can be gotten via a Facebook breach?
If Facebook issued an invalid access token that authorized an attacker to use your Spotify account, they would be able to see anything you can see in your Spotify account. If your profile data was leaked, anything Spotify published to your Facebook profile might be accessible.
"Spotify" is a stand-in for any SSO app, and "Facebook" is a stand-in for any SSO provider, of course. There's nothing special about Spotify and Facebook here, it might as easily be FarmVille and Google.