My Question or Issue
I sent a song request via link to a friend of mine. He has no Spotify and was directly sent to the App Store after clicking on the link. After installing Spotify he instantly got access to my account. He was able to see my profile pic, to control the music on all devices that had Spotify open, basically he could do everything with my account. I assure you that neither his phone nor he was ever connected with my account. I guess this should not happen.
Hey there @KimioN.
Welcome to the Community. Rest assured, Spotify takes security extremely seriously and has a dedicated team and safeguards in place, which you can learn more about here.
Could you let me know a bit more information so I can try to replicate this and pass it across to the right folks if required? With regards to 'song request via link', could you let me know what this link was or how you obtained it, and also whether you were both on the same network? Alongside this, could you let me know what devices you're both using and whether you used any devices you were streaming to, such as an Echo or Sonos?
Thanks for your reply! The following happened in detail:
I'm using an iPhone 11, my friend uses the new iPhone SE.
I sent him the following link (share a song via Spotify): https://open.spotify.com/track/1QHzf28GKB4xblsVPS6LPs?si=GjToqynlQgi_Szx90lJL0A
At this moment my friend had just finished setting up his new iPhone and hadn't installed Spotify yet. He clicked on the link, which led him directly to the App Store. He then downloaded Spotify, opened it afterwards and directly had access to my account. He hadn't even been asked for an email and password. He was as surprised as me. It was quite funny actually because he could control all my Spotify devices like Amazon Alexa, but I know that this is something that definitely shouldn't happen.
To your other questions: we were not using the same network. My Spotify account is connected with an Echo dot.
I hope you can reproduce this bug with this information, I'm looking forward to your answer!
Hey there @KimioN!
Thanks for your speedy reply! It sounds like he was using Spotify Connect, which you can do as long as you're connected to the same network or near one of these devices in WiFi/Bluetooth range, and which is a feature by Spotify. Read more here.
This video explains it rather quickly too:
However I'm going to try replicating this just to confirm it is Spotify Connect, stay tuned.
As mentioned, we were definitely not using the same network. What happened was not the Spotify Connect feature; he was logged into my account as if he had entered my email and password. I later got an email from Spotify that someone logged into my account.
I've been using Spotify for such a long time and I think that this was not the sense of sharing a song.
Thanks for investigating!
I've been trying to replicate this with a few of my fellow Community Stars.
I'm being prompted to log in and I have no way around this and no access to any account. I have even tried the link above and followed the steps you've mentioned without having the Spotify app and installing it like you said. Could you also confirm what features of your account you think he had 'access to without login'? Was it just song control?
Also, with the email how long after was this sent to you and if possible could you screenshot and send this in the thread? @KimioN
By the way: he didn't set up his iPhone with a backup so it was on factory settings.
We also tried to replicate the error without success. I'm also thinking to myself how such a simple procedure can lead to such an error...
Also, with the email how long after was this sent to you and if possible could you screenshot and send this in the thread? @KimioN.
Was it a message like this in-app?
Of course my friend was using Spotify Connect when he controlled my devices. But he was able to do so because he suddenly had complete access to my account. Just by clicking on the link of the shared song. The mail from Spotify came 2 hours later.
I know this sounds strange. I assure you, this is not a mistake of mine. I'm finishing my master's in electrical engineering at the moment and know quite well which procedures should or shouldn't happen in technical issues like this one.
No worries, I understand you know your stuff, but I ask as it's just helping us rule out different factors which could have caused this, as the teams that we'd refer this to at Spotify would want us to rule out anything that could be expected behavior.
Could you screenshot that email at all and upload it in this thread?
This is the mail from Spotify, it is in German, I'm sorry 😕
No, my friend called me exactly at 14:47 to tell me that he was logged into my account. The email came at 16:47 as you can see in it.
I know how strange it sounds. I hope there is some way to replicate the error. Thank you for your quick answers and your help.
Have you ever logged in to Spotify using your friend's devices before (even if not the SE), such as any Apple device he owns?
I thought about the same. I have not. Plus, the phone was on factory settings and set up the same day. It has never had Spotify installed at that moment. No backup was installed either.
I never shared my account to any device also. He never had access to my account.
Apple has a way of storing passwords based on your Apple ID. It doesn't matter if the device is factory reset, as they are re-added when you log in to an Apple application such as the App Store or during the setup process when starting a new phone; these logins are stored in the cloud.
Could you ask your friend to launch Siri and say 'Hey Siri, show my passwords'. Apple will then trigger for your Face ID/Passcode.
Scroll to the 'S' section. Find the Spotify logo and then click on the tab. Can you ask him if it displays your email/username?
Let me know.
Let us know how you get on.
Just thought I’d let you know, and hopefully this can reassure you: Spotify doesn’t share any account info when you share a link for any type of content.
When tweeting from @AskRockStars, I personally use my own Spotify to share tracks to users and I’ve had no behaviour like this. My pals @SpotifyCares and Spotify’s other social handles generate links the same as you, and there are 100,000’s of these shared on social media and through many platforms daily. I’ve never personally seen this before, nor have any of the other Rock Stars on the Community whom I have queried and who attempted to replicate this, nor have I found any similar complaints on the Community. However, rest assured I’m still actively trying to see if there’s anything else which could have caused this, and I’m trying to see if we can replicate this. I’ve had no success, however, and would be keen to know how you get on.
I'll be standing by.