I switched to Tidal from Spotify because as secure my password is, I would always be intereupted mid-listening by my app putting on a shitty random music (often RAP) and discovered that there was an underground operation of people using pirated accounts to inflate stream numbers to get into the popular playlists.
And with Tidal I can use Tidal-DL to download flacs to my Navidrome server which is cool.
If your account is linked to your Google, Apple or Facebook account that might be the culprit (I think you can see this in yout account settings). You need to check that because the consequences could be way worse than just having access to your Spotify account. You can use HaveIBeenPwned to look for leaks matching your e-mail address or password.
Another possibility is that your browser/OS or spotify client was infected by a token stealer which can automatically steal your access tokens as you log-in after changing the password.