In light of the recent password reuse attacks against other online services such as LogMeIn, GoToMyPc, Netflix, Facebook and other companies are analyzing the data dumps of stolen user credentials posted online and are sending preemptive notices if your email was found on these lists.
A password reuse attack happens when an attacker attempts to log in to a service using credentials previously stolen from other sites.
If you have a Pandora account and you received this email recently, it is advised that you update your password immediately.
Although Pandora is claiming that there are no breaches nor evidence of tampering against the music streaming site, they are sending these emails as a precautionary measure against password reuse attacks.
"If you share passwords across services and haven't updated them recently," Pandora advises," and you haven't already reset your Pandora password, you should do so now."
If you received this email, it is a good idea to check your other online accounts too since attackers will typically reuse this same data across other services.
To protect yourself from such attacks, security experts recommend using strong complex passwords and avoiding using the same credentials for different services.
If the service provides two-factor user authentication, where a code is sent to your phone for verification purposes, it is recommended that you turn that on, too, as an added security measure.