Account hacked, email and password changed


dschritt
Newbie

My Spotify account seems to have been hacked. The email address has been changed to maysapoika@gmail.com and the password has also been changed. I have access to the account via Facebook login, but cannot change any information.

Any help with this would be much appreciated!

 
 
21 Replies

EvanFasnacht
Music Fan

You need to contact Spotify ASAP. Here is a link that should get you pointed in the right direction: https://support.spotify.com/us/contact-spotify-support/ From there your best bet will probably be 'account' ---> 'other' ---> 'I still need help', then you will want to explain the issue.

Hope this helps!

 

- E.

user-removed
Not applicable

Hey Dschritt,

 

I have just replied to your case.  Could you please send the requested info back via that thread?

mikeweft
Regular
Same problem here. My old credentials were stolen from another leaked site and used to change my Spotify login/email premium. They disconnected my Facebook account too.

user-removed
Not applicable

This has happened to me and I am being charged £9.99 for the privilege. I have just emailed customer support so shall see what they come back with. Very stressful to find this out and I cannot believe that approval texts or other security measures are not sent to confirm that such a major change is being done by you directly. Most big subscription companies do this nowadays.

mikeweft
Regular

Yep. Member for 5+ years here. Tons of playlists including one I'm making for my wedding... I contacted @SpotifyCares on Twitter and they replied to DM them with information but they have not replied for 12+ hours. Also, I noticed that the auto-reply field of the notification says more specifically: "If this wasn't you, email us at account-details-changed@spotify.com to let us know. We'll look into what's happened." - the email came from account-admin@news.spotifymail.com so be sure you reply to the right address.

So I'm posting here on the community forums, have a support ticket, have sent an email, and am supposedly talking to the @SpotifyCares Twitter account. 12 hours later I still can't access my stolen account.

 


@user-removed wrote:

This has happened to me and I am being charged £9.99 for the privilege. I have just emailed customer support so shall see what they come back with. Very stressful to find this out and I cannot believe that approval texts or other security measures are not sent to confirm that such a major change is being done by you directly. Most big subscription companies do this nowadays.


 

user-removed
Not applicable
Yup, I can't tell you how dismayed I am about this. The email is a joke and I don't trust the reply email address, which was account-details-changed@spotify.com, due to the fact that it landed in my spam folder. Is it a legit email address?

The email itself was a joke, "Oh we are just letting you know...", as opposed to giving you the option to verify it prior to the change.

I might seem paranoid but when I've been hacked, I've lost all trust in Spotify.

mikeweft
Regular

I just finally got an email from support@spotify.com ("Sandra A"):

 

Hello,

We're having a bit of trouble locating your account with the info you sent. So we need some other details:

  • Any other usernames or email addresses you might've used to create an account. If you have a Facebook.com account, please also include your Facebook email address. This can be found under your Facebook settings.
  • The Order ID from an email receipt you were sent when first subscribing, including trials.
  • If paying via PayPal, the Invoice ID. This can be found in the History section of PayPal.
  • Which devices you’ve logged into the account on.

Hope to hear from you soon and we'll track down the elusive account.

 
Sandra A.

 

=======

 

So I replied with both Facebook app id for Spotify as well (Security -> Apps -> Spotify -> Get Help From App Developers) plus my original receipt email (thank you Gmail for search functionality and Mint.com for searching my credit card charge # for the same exact first purchase)...

 

See below... this is what I sent back (minus my own redactions).

 

 

My first purchase order ID from 2011 - username and email

user-removed
Not applicable
Odds on that I receive same worded email.

mikeweft
Regular
Good luck... I feel so close!

mikeweft
Regular

It does look like Sandra is going to help me:

 

Hey there, 

Thank you very much for getting back to us.
We have already found your account. In order to give it back to you, can you just please confirm the last 4 digits of the card used to pay for your subscription?

I'll be waiting for your answer. 

 

I sent her my CC in and even the transaction details in a screenshot from my credit card's web site. I'm SO CLOSE....

user-removed
Not applicable
Boom! Good stuff! Makes me a little less doubtful now.

Good luck too!!

droptheearth
Regular

Finally. Got my account back about 15 hours later.... 

 

Now I just need to go propose some simple process changes in their email changing and 2FA login features and these kinds of situations should melt away...

 

-------------

Hello,

Thank you for sending the requested information.

We've located your account and can confirm that an unauthorized party has taken it over.

Here’s what we’ve done in response:

  • PAYMENT DETAILS ERASED

    During the investigation, we erased your payment details for security purposes. To be able to resume payments, please re-enter your payment details here [redacted]

    However, please be assured your full payment information has never been displayed and that we've always applied rigorous security practices to protect your information.

  • EMAIL ASSOCIATED WITH YOUR ACCOUNT

    In the process of your account being taken over, the e-mail address associated with it was changed, so we’ve now set it to the address you’re writing to us from: [redacted]

Here’s what you can do to help prevent this from happening again:

  • PASSWORD

    It’s important that you first make sure you’re logged out of Spotify.com, then go here to change the password to your Spotify account. We suggest you use a password you haven’t used before for Spotify or other services.

    As mentioned in our previous e-mail, we also strongly suggest you change the password of the e-mail address associated with your Spotify account. 

  • SECURITY

    Please note that if you use Spotify on public computers you should always ensure that you log out before leaving. Simply closing the Spotify application does not constitute logging out. To log out, you go to File > Log Out.

We hope this resolves your issue. If you need anything else please let us know.

droptheearth
Regular

 

[-----]

Sandra A! Thank you so much! I am back in my Spotify account, all with a fresh hard password, all my (even very recent stars) and playlists intact. Easy to re-add my CC info. Easy to re-attach Facebook, Last.fm scrobbler.

 
There are some process things that could easily have prevented my account from being stolen. Remember, I didn't leave my account logged in elsewhere with a guessable password; my same email+password was leaked from a data breach on another website and tested / successfully used to take control of my Spotify account. I spent the afternoon hardening all my accounts with better passwords and, if the service offered it, 2FA (two factor authentication).
 
I have a feeling whoever figured out my Spotify account will have figured out a few more based on the data breach out there. If you make your process such that changing an email address requires confirmation first, and to add 2FA (Slack even has this) Spotify will be much more prevented from these stolen account problems.
 
-Thanks again
-Mike

droptheearth
Regular

 

Ha yes this is me from my recovered account posting. Phewwwww

thejaimesto
Casual Listener

Having the same problem - email and password changed, although I can still log on via Facebook on my mobile phone. And the funny thing is on Spotify community, this account (thejaimesto) isn't even my username, but if I go settings > account then it shows my actual account name (ringfist).

Sadly so far whenever I've put a request on the help page, they've sent the response straight to the imposter email address!

user-removed
Not applicable

I have the same problem and I am currently freaking out. I have paid for the Premium and I am still getting charged. I received an email saying my account's email has just been changed to "ben-hamza89@outlook.com" and I have no idea who this is. I don't know how to cancel my premium since I can't log into my account anymore. I've just emailed the Spotify team and really hope they get this solved.

alya2303
Newbie

I changed the email address by mistake while I was trying to manage the invitation for that email address.

I need to recover the previous email address, which is the one that belongs to me, the account's subscriber.

Thank you.

Alya García Lizcano (algarliz@yahoo.es)

Alya García Lizcano

Denovane
Newbie

My Spotify account seems to have been hacked against my will, because I received an email telling me that my email address had been changed. Since I did not make this change myself, I would like to receive help regaining access to my account.

My address: denovane.thion@live.fr

Changed address: ellopo@live.fr

 


Piotr7
Newbie

My Spotify account - it has been hacked against my will. The address that has worked so far is: wyspa40@wp.pl
The hacked address is: mertkant_fb@hotmail.com
I am asking you to restore your active account to the following address: wyspa40@wp.pl
