So for the past 3 months, my Spotify account has been hacked multiple times. When a hack occurs, I go through all the steps that Spotify suggests like: reset password, sign out of all devices, disconnect third-party apps, etc. This seems to only keep the hacker at bay for a bit, because a couple weeks later, BAM! My account gets hacked again. After looking through the Spotify community forums, this issue seems to occur A LOT.
Out of frustration, I went out to investigate why this keeps happening to me, and I have some serious concerns about some of the security of the Spotify login screen.
The issue
I found that there doesn't seem to be a limit on the amount of wrong passwords you can enter into the password field.
So theoretically, if you know your victim's email or username, you could simply use a brute force bot to keep guessing passwords to easily defeat the Spotify security. The only defense from this is an invisible captcha on the login page, but it's only triggered by suspicious mouse movements or click events so it doesn't seem that hard to bypass.
The Fix
This can be easily fixed by triggering a popup captcha on a certain amount of login attempts. Like if a person puts in more than 10 wrong login attempts, hit them with a captcha.
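The threshold rule proposed in the post above, sketched as an added example (not part of the original post and not Spotify's code). The class name, the 15-minute sliding window and the in-memory store are assumptions; the counter is keyed on the account so it applies regardless of which client sends the guesses.

```python
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Hypothetical per-account failed-login counter that escalates to a CAPTCHA."""

    def __init__(self, max_failures=10, window_seconds=900, clock=time.monotonic):
        self.max_failures = max_failures     # threshold suggested in the post
        self.window = window_seconds         # assumption: 15-minute sliding window
        self.clock = clock                   # injectable so tests can control time
        self._failures = defaultdict(deque)  # account -> timestamps of recent failures

    def _recent(self, account):
        # Drop failures that have aged out of the window, return what is left.
        q = self._failures[account]
        cutoff = self.clock() - self.window
        while q and q[0] <= cutoff:
            q.popleft()
        return q

    def captcha_required(self, account):
        # "More than 10 wrong login attempts" -> challenge from the next attempt on.
        return len(self._recent(account.strip().lower())) > self.max_failures

    def attempt(self, account, password_ok, captcha_solved=False):
        """Return 'ok', 'denied' or 'captcha' for a single login attempt."""
        account = account.strip().lower()    # one counter per account, case-insensitive
        if self.captcha_required(account) and not captcha_solved:
            # The password result is withheld until the challenge is solved,
            # so a throttled client learns nothing from further guesses.
            return "captcha"
        if password_ok:
            self._failures.pop(account, None)  # a successful login clears the counter
            return "ok"
        self._failures[account].append(self.clock())
        return "denied"
```

A real deployment would keep the counters in a shared store with expiry rather than process memory, since every login server has to see the same count.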
Hey @clinto1, thanks for joining the conversation on the Spotify Community!
Thanks for taking the time to write this down here. I can imagine your frustration here. The security teams at Spotify take securing your personal data very seriously. There are also some things you can do: https://support.spotify.com/article/protect-your-spotify-account/.
About this, I've just checked the login page and I can see ReCaptcha, on my end, in the lower-right corner. Could you check if you can see it too?
Lastly, I think you might be interested in giving a VOTE+ to this idea: https://community.spotify.com/t5/Live-Ideas/Security-2-Factor-Authentication/idc-p/1017979.
Let me know if you have any questions!
Have a great one,
Hubo
I'm having the same problem. I think it started on Monday. Music being played on my account all through the night and morning. When I try to play something I want to hear, it immediately skips back to the album that was originally (ghost) playing.
I have followed all the steps in the support article. I have changed my password (3/4 times in the last few days), logged out of all devices and signed back in. The ghost songs were being played immediately after signing back in (WITH A NEW PASSWORD). I have also removed all the apps that could access my account (including Facebook), changed my Facebook password and signed back in, changed my Spotify password again, signed back in and the bot was in my account from the off.
This is a blatant disregard for customer privacy and data. Your platform is being compromised and the steps in the support article are completely ineffective. As a premium subscriber of many years I expect better. Sort it out or I'll give my money to a platform that takes its customers' privacy more seriously.
Same issue here, completely disgusting that Spotify refuses to acknowledge this security breach.