My Question or Issue
Last week I walked to my car to see that a song was already playing, a song I had never played before, only had about 15 listeners a month and 2000 plays. Strange, but maybe I clicked on it somehow.
This morning I woke up only to find that that song was playing again, on repeat, and has probably been playing on repeat all night. Not on my computer/phone/console though, no it was playing on a Web Player.
The same song was playing again, but it now had 37 listeners a month and already +- 110K views, which got me thinking that someone is probably using stolen Spotify accounts to boost their own music and make money from it.
Now I wanted to log that browser out and see how they got access, since Im logging in through Facebook and have 2FA enabled I have no idea how they did that. I also checked my facebook logins and see no unusual activity at all. I wanted to check my account page on Spotify but get an error message for every page I try to load (Doesnt matter if I use Chrome or Firefox).
Now my questions:
- How was someone able to login through 2FA
- Why am I getting error messages when I try to access my accounts pages
- What, if any, actions will be taken against this, most certainly, abuser?
Edit: I've logged out everywhere, changed my spotify password and switched from Facebook login to email+pass login. I assume that should solve it..?
Screenshots from the song/artist that was playing:
Accounts error page: