Spotify account compromised and connected to unknown web player to farm plays for a playlist?

Plan

Premium - not connected to Facebook

Country

Finland

Device

Honor 8

My Question or Issue

Hi!

Yesterday I experienced some weird stuff happening with my account. As I tried to listen to music on Spotify, my music was consistently switched to a salsa/latin playlist I'd never subscribed to. I had the option to switch the playback to my phone or the Spotify Web Player that was apparently controlling my account and queuing the unwanted latin music. When switching to listen on my phone, playback remained there, but if I tried to switch playlists or listen to anything other than the playlist in question, the music would shortly switch back.

I then noticed that my account had subscribed to this playlist "MIX SELEC" by the user SAMUEL. Still yesterday, following the playlist name was a seemingly randomly generated string of letters and numbers (the user tag seen in the link below, if I recall correctly), but now the playlist name seems to be edited to a less suspicious and clean form.

I managed to reclaim my account by quickly disconnecting all devices via the Spotify account page and changing my password. The problem persisted for a while but I was ultimately able to regain control of my play queue.

I thought I'd share the details of this attack in order to shed light on a possible security breach. It seems that my account was used to farm plays for a designed playlist, hence the fact the attacker didn't seem to mind that I switched the playback to my phone. Only when changing my music to anything other than said playlist did my account switch back.

When the attack occurred I wasn't connected to Wi-Fi but instead using mobile data for playback. I also haven't connected my account to Facebook, so I'm unsure if the security breach on their behalf last week is connected. As far as I know, my account hasn't been connected to a web player save for mine and one friend's home computer.

It seems that playlist links are not allowed in these posts. The link to the playlist in question is in the comments should an admin or someone else require it.

3 Replies

Accidentally double posted, sorry about that

Hey @Herska-.

Thanks for getting in touch.

Good that you changed your password and logged out your account from all devices. Those are always the best things to do when you notice that someone is messing with your account. You can find more tips on how to protect your account here.

If you are still noticing that someone is messing with your account, please follow the instructions on this page.

That should help you out. Let us know if you have further questions.

Have a nice day!
