Hacking – Potential Vulnerability in Spotify Login Page


So for the past 3 months, my Spotify account has been hacked multiple times. When a hack occurs, I go through all the steps that Spotify suggests, like: reset password, sign out of all devices, disconnect third-party apps, etc. This seems to only keep the hacker at bay for a bit, because a couple of weeks later, BAM! My account gets hacked again. After looking through the Spotify community forums, this issue seems to occur A LOT.


Out of frustration, I went out to investigate why this keeps happening to me, and I have some serious concerns about the security of the Spotify login screen.


The issue

I found that there doesn't seem to be a limit on the number of wrong passwords you can enter into the password field.

So theoretically, if you know your victim's email or username, you could simply use a brute-force bot to keep guessing passwords and easily defeat the Spotify security. The only defense against this is an invisible captcha on the login page, but it's only triggered by suspicious mouse movements or click events, so it doesn't seem that hard to bypass.


The Fix

This can be easily fixed by triggering a popup captcha after a certain number of login attempts. For example, if a person puts in more than 10 wrong login attempts, hit them with a captcha.

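Throttling failed logins the way the post proposes, as an added example that is not part of the original thread and is not Spotify's code: a per-account failure counter over a sliding window that demands a CAPTCHA once the count reaches a threshold (10, the number suggested above) and temporarily locks the account at a higher one. The thresholds, window lengths, PBKDF2 parameters, the `FakeClock` helper and the in-memory store are assumptions chosen for illustration.

```python
"""Added example: escalating throttle for failed logins (CAPTCHA, then lock).

Not Spotify's code. Thresholds and storage are assumptions for illustration.
"""
import hashlib
import hmac
import os
import time
from collections import defaultdict, deque

CAPTCHA_AFTER = 10        # assumption: failures in the window before a CAPTCHA is demanded
LOCK_AFTER = 30           # assumption: failures before the account is temporarily locked
WINDOW_SECONDS = 15 * 60  # assumption: sliding window over which failures are counted
LOCK_SECONDS = 15 * 60    # assumption: how long a lock lasts
PBKDF2_ITERATIONS = 100_000  # assumption: tune upward for production hardware


def hash_password(password, salt=None):
    """Return (salt, digest) using PBKDF2-HMAC-SHA256 with a random salt."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Constant-time comparison so the check itself leaks nothing about the digest."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


class FakeClock:
    """Deterministic clock so the escalation can be exercised without sleeping."""

    def __init__(self, start=1000.0):
        self.t = start

    def __call__(self):
        return self.t


class LoginThrottle:
    """Counts failed logins per account and escalates: ok -> captcha -> locked."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.users = {}                        # username -> (salt, digest)
        self.failures = defaultdict(deque)     # username -> timestamps of recent failures
        self.locked_until = {}                 # username -> unlock time

    def register(self, username, password):
        self.users[username] = hash_password(password)

    def _recent_failures(self, username):
        """Drop failures older than the window and return how many remain."""
        now = self.clock()
        q = self.failures[username]
        while q and now - q[0] > WINDOW_SECONDS:
            q.popleft()
        return len(q)

    def status(self, username):
        """'locked', 'captcha' or 'ok' for the next attempt on this account."""
        if self.locked_until.get(username, 0.0) > self.clock():
            return "locked"
        return "captcha" if self._recent_failures(username) >= CAPTCHA_AFTER else "ok"

    def attempt(self, username, password, captcha_solved=False):
        """One login attempt; the CAPTCHA gate runs before the password is checked."""
        state = self.status(username)
        if state == "locked":
            return "locked"
        if state == "captcha" and not captcha_solved:
            return "captcha_required"
        record = self.users.get(username)
        if record is None:
            # Unknown account: still pay the hashing cost so response time
            # does not reveal which usernames exist.
            hash_password(password, b"\x00" * 16)
            ok = False
        else:
            ok = verify_password(password, *record)
        if ok:
            self.failures[username].clear()
            return "success"
        self.failures[username].append(self.clock())
        if self._recent_failures(username) >= LOCK_AFTER:
            self.locked_until[username] = self.clock() + LOCK_SECONDS
            return "locked"
        return "bad_password"


if __name__ == "__main__":
    throttle = LoginThrottle(clock=FakeClock())
    throttle.register("victim@example.com", "correct horse battery staple")
    for i in range(CAPTCHA_AFTER + 1):
        print(i + 1, throttle.attempt("victim@example.com", f"guess{i}"))
```

Counting per account rather than per source address is what stops a bot that rotates IPs, but it also lets anyone who knows only the username trip the counter on purpose, which is why the first tier is a CAPTCHA rather than a hard lock and why the lock is time-limited. In a real service the counters live in a shared store rather than process memory, and the same pattern is applied per source IP as a second layer.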

Hey @clinto1, thanks for joining the conversation on the Spotify Community!

Thanks for taking the time to write this down here. I can imagine your frustration here. The security teams at Spotify take securing your personal data very seriously. There are also some things you can do: https://support.spotify.com/article/protect-your-spotify-account/.


About this, I've just checked the login page and I can see ReCaptcha, on my end, in the lower-right corner. Could you check if you can see it too? 


Lastly, I think you might be interested in giving a VOTE+ to this idea: https://community.spotify.com/t5/Live-Ideas/Security-2-Factor-Authentication/idc-p/1017979.


Let me know if you have any questions!

Have a great one,

Hubo


Hubo, Spotify Star
Note: I'm not a Spotify employee.

I'm having the same problem. I think it started on Monday. Music being played on my account all through the night and morning. When I try to play something I want to hear, it immediately skips back to the album that was originally (ghost) playing.


I have followed all the steps in the support article. I have changed my password (3/4 times in the last few days), logged out of all devices and signed back in. The ghost songs were being played immediately after signing back in (WITH A NEW PASSWORD). I have also removed all the apps that could access my account (including Facebook), changed my Facebook password and signed back in, changed my Spotify password again, signed back in, and the bot was in my account from the off.


This is a blatant disregard for customer privacy and data. Your platform is being compromised and the steps in the support article are completely ineffective. As a premium subscriber of many years I expect better. Sort it out or I'll give my money to a platform that takes its customers' privacy more seriously.

Same issue here. Completely disgusting that Spotify refuses to acknowledge this security breach.
