Announcements

Help Wizard

Step 1

NEXT STEP

FAQs

Please see below the most popular frequently asked questions.

Loading article...

Loading faqs...

VIEW ALL

Ongoing Issues

Please see below the current ongoing issues which are under investigation.

Loading issue...

Loading ongoing issues...

VIEW ALL

Account hijacked through 2FA to play a song over and over again + other issue

Account hijacked through 2FA to play a song over and over again + other issue

Plan

Premium

Country

the Netherlands

 

Device

(iPhone X)

Operating System

(iOS 10)

 

My Question or Issue

Last week I walked to my car to see that a song was already playing, a song I had never played before, only had about 15 listeners a month and 2000 plays. Strange, but maybe I clicked on it somehow.

 

This morning I woke up only to find that that song was playing again, on repeat, and has probably been playing on repeat all night. Not on my computer/phone/console though, no it was playing on a Web Player.

 

The same song was playing again, but it now had 37 listeners a month and already +- 110K views, which got me thinking that someone is probably using stolen Spotify accounts to boost their own music and make money from it.

 

Now I wanted to log that browser out and see how they got access, since Im logging in through Facebook and have 2FA enabled I have no idea how they did that. I also checked my facebook logins and see no unusual activity at all. I wanted to check my account page on Spotify but get an error message for every page I try to load (Doesnt matter if I use Chrome or Firefox).

 

Now my questions:

- How was someone able to login through 2FA

- Why am I getting error messages when I try to access my accounts pages

- What, if any, actions will be taken against this, most certainly, abuser?

 

Edit: I've logged out everywhere, changed my spotify password and switched from Facebook login to email+pass login. I assume that should solve it..?

 

Screenshots from the song/artist that was playing:

 

Accounts error page:

Reply
18 Replies

Just started playing again...

Hey @niekt, thanks for letting us know. 

 

We'll make sure to check this out. In the meantime, make sure to follow the steps provided on this help article in order to secure your account.

 

Let us know if there's anything else!

Hey there, 

 

Thanks for letting us know about this. If you're visiting this page and are also experiencing this, add a +Vote and let us know:

Make sure to follow the steps provided on this help article

 

Thanks!

@Jemi this is the url: spotify:track:2d3dU5a3d7IMvppD1S7emt / https://open.spotify.com/track/2d3dU5a3d7IMvppD1S7emt?si=jxO9Glt3RFKvgaymLGBG9w

 

The other information is already provided in the OP I think.

I'm afraid changing how you log in won't solve it. My account's been hijacked twice now, all using 2FA and long randomized passwords. There is a huge leak somewhere in the Spotify system, but they keep saying they're secure and a breach has probably occurred somewhere else. Nope.

Hey @niekt, thank you for providing us with the URI. We're still looking into this and will get back as soon as we have updates. 

 

In the meantime, did you check out this help article in order to secure your account?

 

@londonjohn we appreciate your feedback. The best way to to secure your account is to check out the help article above and follow the steps.  

 

All the best!

@Jemi I'm eagerly waiting to see what was the cause of this. I assume you can see how someone else logged in to my account? Would be great if you can share that with me.


At the time of speaking the song has almost 200.000 plays, with 47 active listeners this month. How come no action has been taken yet?

Hey there folks,

 

Thanks so much for taking the time to report this.

 

We've alerted the right teams and they'll be looking into this.

 

Please keep in mind to follow all the steps in this support site article if you see any unexpected activities on your account, including reaching out to us. This way, our support staff can take a look behind the scenes for you.

 

You can also take a look here for more info.

 

Hope this helps clarify things. Have a lovely day!

KaterinaModerator
Help others find this answer and click "Accept as Solution".
If you appreciate an answer, maybe give it a Like.
Are you new to the Community? Take a moment to introduce yourself! 

@katerina As mentioned earlier: "

I'm eagerly waiting to see what was the cause of this. I assume you can see how someone else logged in to my account? Would be great if you can share that with me.


At the time of speaking the song has almost 200.000 plays, with 47 active listeners this month. How come no action has been taken yet?"

 

Right now it has 54 listeners and 250k plays. Why is nothing being done about this and can I get a reply to my questions?

@londonjohn have you received any reply or more information Spotify staff?

Hey there @niekt. Only the reply that people are looking into it. It's pretty frustrating. Have you?

@londonjohn no nothing more than that. Very frustrating. I try to keep everything pretty secure online, and if this leak was my fault somehow I want to know how/why/what/when/where haha.

 

It's also beyond strange that nothing is being done about the, obvious, fraudulent plays that one song is getting. It was at 248k yesterday already. Thats 50k plays in 3 days!

In my case I'm suddenly following all kinds of artists I've never heard of
and playing them too. Same as happened a few months ago. 😑

@Katerina is there an update to this?

 

It's now at 375k+ plays with 76 listeners. Is there anything being done about this?

No update from Spotify mods/admins/devs? Is there any way to see last activity by IP/Region/Date/Time (as is possible for almost every online account I can think of)

I get this too.

 

I followed the steps from the article here: https://support.spotify.com/us/account_payment_help/privacy/someone-has-gained-access-to-my-account/ 

  • I've changed my password from Facebook
  • Checked my FB account access from devices and cleared out old ones
  • Did sign out everywhere 

but I still saw someone was playing from Web Player when I logged in. 

Screen Shot 2019-08-07 at 11.56.21 AM.png

 

 

This is the playlist that was playing:

Screen Shot 2019-08-07 at 12.07.03 PM.png

 

 

Help. 😞 

Lol spotify definitely has a big security issue somewhere and theyre taking no steps to fix it...

It's happening again. 

 

And it keeps playing the song even when I stopped it. 

 

Ive had it with Spotify. I'm cancelling my account and transfering to Deezer. Anyone here know if it's any good? 

Suggested posts