Obviously, if you are getting rid of Facebook you would need to stop using Facebook to log in to other things, but for people who are not getting rid of Facebook itself, what are the security and privacy risks of using it for login for other services such as Spotify?
Does a Facebook breach let the attackers get into your Spotify account? Does it leak the existence of your Spotify account? Is there personal information from your Spotify account that can be gotten via a Facebook breach?
Same question for using any other OAuth provider, such as Google.
> Does a Facebook breach let the attackers get into your Spotify account?
It would be a security breach that resulted in that (access tokens compromised), rather than the oft-reported privacy breaches (profile data compromised), but yes. The recent security breach involving access tokens would not apply here, for example, because they were access tokens for Facebook, not for linked apps.
> Does it leak the existence of your Spotify account?
> Is there personal information from your Spotify account that can be gotten via a Facebook breach?
If Facebook issued an invalid access token that authorized an attacker to use your Spotify account, they would be able to see anything you can see in your Spotify account. If your profile data was leaked, anything Spotify published to your Facebook profile might be accessible.
"Spotify" is a stand-in for any SSO app, and "Facebook" is a stand-in for any SSO provider, of course. There's nothing special about Spotify and Facebook here; it might as easily be FarmVille and Google.
> who are not getting rid of Facebook itself what are the security and privacy risks of using it for login for other services such as Spotify?
Facebook could decide arbitrarily, or by bug or mistake, to deny you access. Why use them at all? Convenience. Everyone is free to do the convenient thing. Just don't complain when your convenience fucks you over.
For me, I am in the process of using Facebook less, trying to get rid of it. I still have some international friends where it is my only reliable way to contact them, so I have to keep the account. But I don’t want to use it for anything else in the event I can eventually sunset it entirely.