Spotify Plugin security issue

So last week I generated for the first time a spotify device password to use on Volumio (the plugin without the number 2 in the name) and less than a week after I received a notification from Spotify saying that my account started to be used in Singapore.
I logged out in all devices on my Spotify security options and it works, but in the next morning someone was using my account in Singapore again and when I check the log, someone else used it in US.

I not sure if this is SCAM inside the plugin or just a security issue. I already changed my device password, what should fix the issue for my side, but I think there’s a big security issue on this plugin

we already had 2 other reports in the past year about Spotify credentials being used elsewhere, in all cases we investigated the issue and found out that the password leak was not imputable to Volumio and spotify connect. We will investigate also on yours, please send me an email to info at volumio dot org and we’ll investigate your issue as well.

Thank you, I just sent the email