Account hijacked through 2FA to play a song over and over again + other issue

Reply

Account hijacked through 2FA to play a song over and over again + other issue

niekt
Music Fan

Plan

Premium

Country

the Netherlands

 

Device

(iPhone X)

Operating System

(iOS 10)

 

My Question or Issue

Last week I walked to my car to see that a song was already playing, a song I had never played before, only had about 15 listeners a month and 2000 plays. Strange, but maybe I clicked on it somehow.

 

This morning I woke up only to find that that song was playing again, on repeat, and has probably been playing on repeat all night. Not on my computer/phone/console though, no it was playing on a Web Player.

 

The same song was playing again, but it now had 37 listeners a month and already +- 110K views, which got me thinking that someone is probably using stolen Spotify accounts to boost their own music and make money from it.

 

Now I wanted to log that browser out and see how they got access, since Im logging in through Facebook and have 2FA enabled I have no idea how they did that. I also checked my facebook logins and see no unusual activity at all. I wanted to check my account page on Spotify but get an error message for every page I try to load (Doesnt matter if I use Chrome or Firefox).

 

Now my questions:

- How was someone able to login through 2FA

- Why am I getting error messages when I try to access my accounts pages

- What, if any, actions will be taken against this, most certainly, abuser?

 

Edit: I've logged out everywhere, changed my spotify password and switched from Facebook login to email+pass login. I assume that should solve it..?

 

Screenshots from the song/artist that was playing:

 

Accounts error page:

18 Replies

Re: Account hijacked through 2FA to play a song over and over again + other issue

niekt
Music Fan

Just started playing again...

Re: Account hijacked through 2FA to play a song over and over again + other issue

Jemi
Spotify Legend

Hey @niekt, thanks for letting us know. 

 

We'll make sure to check this out. In the meantime, make sure to follow the steps provided on this help article in order to secure your account.

 

Let us know if there's anything else!

JemiModerator
Help others find this answer and click "Accept as Solution".
If you appreciate my answer, maybe give me a Like.
"Use the force, Harry" - Gandalf

Re: Account hijacked through 2FA to play a song over and over again + other issue - Status changed to: Under investigation

Jemi
Spotify Legend

Hey there, 

 

Thanks for letting us know about this. If you're visiting this page and are also experiencing this, add a +Vote and let us know:

Make sure to follow the steps provided on this help article

 

Thanks!

JemiModerator
Help others find this answer and click "Accept as Solution".
If you appreciate my answer, maybe give me a Like.
"Use the force, Harry" - Gandalf

Re: Account hijacked through 2FA to play a song over and over again + other issue

niekt
Music Fan

@Jemi this is the url: spotify:track:2d3dU5a3d7IMvppD1S7emt / https://open.spotify.com/track/2d3dU5a3d7IMvppD1S7emt?si=jxO9Glt3RFKvgaymLGBG9w

 

The other information is already provided in the OP I think.

Re: Account hijacked through 2FA to play a song over and over again + other issue

londonjohn
Casual Listener

I'm afraid changing how you log in won't solve it. My account's been hijacked twice now, all using 2FA and long randomized passwords. There is a huge leak somewhere in the Spotify system, but they keep saying they're secure and a breach has probably occurred somewhere else. Nope.

Re: Account hijacked through 2FA to play a song over and over again + other issue

Jemi
Spotify Legend

Hey @niekt, thank you for providing us with the URI. We're still looking into this and will get back as soon as we have updates. 

 

In the meantime, did you check out this help article in order to secure your account?

 

@londonjohn we appreciate your feedback. The best way to to secure your account is to check out the help article above and follow the steps.  

 

All the best!

JemiModerator
Help others find this answer and click "Accept as Solution".
If you appreciate my answer, maybe give me a Like.
"Use the force, Harry" - Gandalf

Re: Account hijacked through 2FA to play a song over and over again + other issue

niekt
Music Fan

@Jemi I'm eagerly waiting to see what was the cause of this. I assume you can see how someone else logged in to my account? Would be great if you can share that with me.


At the time of speaking the song has almost 200.000 plays, with 47 active listeners this month. How come no action has been taken yet?

Re: Account hijacked through 2FA to play a song over and over again + other issue

Moderator
Moderator

Hey there folks,

 

Thanks so much for taking the time to report this.

 

We've alerted the right teams and they'll be looking into this.

 

Please keep in mind to follow all the steps in this support site article if you see any unexpected activities on your account, including reaching out to us. This way, our support staff can take a look behind the scenes for you.

 

You can also take a look here for more info.

 

Hope this helps clarify things. Have a lovely day!

KaterinaModerator
Help others find this answer and click "Accept as Solution".
If you appreciate my answer, maybe give me a Like.
"Kindness is the language which the deaf can hear and the blind can see." - Mark Twain

Re: Account hijacked through 2FA to play a song over and over again + other issue

niekt
Music Fan

@katerina As mentioned earlier: "

I'm eagerly waiting to see what was the cause of this. I assume you can see how someone else logged in to my account? Would be great if you can share that with me.


At the time of speaking the song has almost 200.000 plays, with 47 active listeners this month. How come no action has been taken yet?"

 

Right now it has 54 listeners and 250k plays. Why is nothing being done about this and can I get a reply to my questions?

SUGGESTED POSTS