Password Reset Due To "Suspicious Activity"

Password Reset Due To "Suspicious Activity"

WareNetwork2000

Plan

Free

Country

America

Device

PC

Operating System

Windows 10

 

My Question or Issue

 

Today, I was forced to reset my password by Spotify. They logged me out of my account and they sent me my E-Mail.

 

"To protect your Spotify account, we've reset your password due to detected suspicious activity."

 

What suspicious activity? There has been no suspicious activity on my account. They didn't even explain exactly what I did. They were just vague about it. When I went to change my password, Spotify wouldn't let me change it back to my old password, so I have to get used to a new password.

 

Has this happened to any of you? Is there any way to get Spotify to change my password back to my original password or do I have to create a new account to use my old password?

Reply
29 Replies

PrettyMuchSwiss

Hey there, thanks for reaching out to the community.

Yes, this is a thing Spotify does when it detects any unusual activity. I don't really know, and you probably can't either, but there is definitely a reason for this.

I never had this issue, so correct me if I'm wrong, but if Spotify won't let you change your password back on your account page, I'm afraid you'll have to get used to a new password.

I hope my answer was somewhat helpful, and I wish you a great day.

ReeceN

Unfortunately what you just said, did not help what so ever, you also just literally changed the words around of the original comment / issue report.

Any company that FORCES a password change, cares less about security than others as it forces people to use weaker passwords, companies like Microsoft realized this and made this change ages ago.

I have had the same issue when i used my VPN on my computer whilst listening to music whilst doing secure work.

Unprofessional Spotify Inc.

Petya

Hey there @ReeceN and @WareNetwork2000,

 

Thanks for reaching out to us.

 

We take security very seriously. In order to avoid potential issues, we might reset an account's password.

 

Don't worry! Here you can choose a new password. Then you can log in with your new password and enjoy your favorite jams.

 

Tip: You can also log in to your account page, scroll down, and select SIGN OUT EVERYWHERE as additional step to secure your account.

 

Hope this was helpful for you. If you have questions, you know where to find us.

 

 

 

 

PetyaModerator
 
Help others find this answer and click "Accept as Solution".
If you appreciate my answer, maybe give me a Like.
 

ReeceN

Your saying that spotify users have the ability to Reset there own password? Wow how kind of spotify. That is not the issue here!

The issue is that Spotify are forcing users to change the password on my account as well as others if they trigger a security trap.  This means that we also cant change our password back to the one we want to used because "You have used this password previously". 

The user should be given the option / notified and recommended to change there password because of X reason (Security trip)  but not FORCED! 

If its tripped the security, Maybe give the user the ability to Authorize a log in location or do a One-time pass code to allow to log in. 

No matter what, you NEVER force your customers to change anything. If i want my password to stay the same, you should also let me use old passwords IF I CHOOSE TO DO SO !

crash2k0

No wonder you are being asked to reset your password if you are listening through a VPN. A VPN tells Spotify you could be anywhere. Sounds suspicious to me.

But, saying that, I am now getting a similar problem. LOL

M.

NPatch

Actually not suspicious at all. Especially now during the covid situation, many are forced to work remotely and many employers do so using VPN(for which they don't always approve any kind of traffic just to allow employees to listen to music for example). We've had issues with Viber as well.

I agree with the OP that some information about the login attempt would be helpful. Also two-step auth like OTP would further validate whether it was suspicious or not. If VPN is the only issue, I shouldn't have to change password if I can validate the attempt using OTP.

LolRoll

Yeah I am having the same problem. Spotify has reset my password twice in the past weeks now. I am slowly running out of passwords. I am travelling frequently and this is just silly. Especially, because they are not providing a clear reason why they feel like resetting my password.

Please stop this practice, it is not particularly useful from a security perspective and likely even harmful.

kavirnya
+1 This is plain stupid. I'm on a bike ride for hours and suddenly Spotify throws a login screen. I just realise when I get home and read my emails that Spotify simply disabled my password and forces me to create a new one. Ridiculous.

RJHsiao

Hmm It really cool that I also received the email today, and It makes me confused because:

  1. If "suspicious activity" really happen, how can I check when and what IP that make "suspicious activity" happened?
  2. I use my Facebook account to create Spotify account and login without set another password for spotify. If "suspicious activity" really happen, how can it happened without triggering Facebook's security detection?

Alex

Hey there @RJHsiao,

 

Thanks for reaching out about this in the Community!

 

You can't vie what IP or device has tried to access your account. The email you've received should have a country of the entry listed.

 

Note that this automated security response could be triggered if you've entered a wrong password several times as well.

 

Hope this info helps. Don't hesitate to reach out again if you have questions.

AlexModerator
Help others find this answer and click "Accept as Solution".
If you appreciate an answer, maybe give it a Like.
Are you new to the Community? Take a moment to introduce yourself!

kavirnya

It looks like Spotify has fixed this issue. I was stubborn enough to bug the support people at Spotify and after some months of explanations they connected me to a support representative who said there was some improvements in Spotify and it indeed looks like it was fixed as I don't get the password resets now.

How about you guys?

lifesatriiip

I just got the email everyone’s talking about today around 3am, so I googled it and found this post. Usually when an account of mine has suspicious activity it’s because of phishing, too many failed password attempts, or someone trying to log into my account that knows me. And I know bcuz the emails I get from other apps I am using that need me to reset my password are way more specific as to why my password needs to be rest, than the Spotify email. I love Spotify. I don’t care about changing my password. If I forget I know my email login, not tripping. I also didn’t leave my house yesterday, so it’s not bcuz of my location. I’m not logged in anywhere else. So no, I don’t think Spotify changed the issue. Btw- I also think it’s bizarre that Spotify would log someone out due to location, ON YOUR OWN PHONE. No other app I have does that? Only credit cards?? 😂

acynorman

I'm convinced that Spotify also has some stupid AI in the background analyzing our behavior and then seems to decide from this whether it was "suspicious" in any way ...

 

I think that because I wrote my own Spotify UI using their WepAPI to play music and create new playlists.

Every week I use this tool to go very quickly through a huge playlist of new release to find the few songs I like. I mostly play the first song of each album/single only for a few seconds to decide if the song or the whole album would be interesting.

 

And for the last couple of month exactly that seems to trigger those password resets. I get this mail almost every week now, exactly the day after I used my tool.

I even changed the day of week for this "procedure", and it's still happening exactly the day after.

 

So please, Spotify, change your behavior analysis. This is really getting annoying. Especially since it's just ME using Spotify to create a new playlist out of the weekly new releases.

 

There is nothing suspicious or illegal about it!

cascoty

5 months free getting the same to change my pass every 4 days.

I tested premium with my cc for 2 months and the pass i changed it to a pwned email with pass. So long had my cc info from a preview hacked mail and they never sent anything like change my pass... (very professional).

When returned to regular and had removed my card.... here we go... again the same.

In a sub reddit a former employee admitted it is like a blackmail tactic to go premium. the sub vanished under spotify request. They can keep blackmailing but i changed to Deezer and is much better their free plan.

Pareeeee

Spotify - your answers to this topic are most definitely NOT HELPFUL. I suspect you are actually an AI set up to post the same answers every time. Completely useless. Thanks for nothing. 

RJHsiao

@Alex wrote:

The email you've received should have a country of the entry listed.


Really? Let me show you the email I received.

The mail content of "Please update your Spotify password."The mail content of "Please update your Spotify password."

It's very help if you can tale me which country is the "Suspicious Activity" entry that looks like already listed on the email but I can't see.

 


@Alex wrote:

Note that this automated security response could be triggered if you've entered a wrong password several times as well.


That's interesting! I said "I use my Facebook account to create Spotify account and login without set another password for spotify" before and I think you already see that, so how to trigger spotify's automated security response without triggering Facebook's security detection? It's really helpful if you can tell me the answer.

 


@Alex wrote:

Hope this info helps.


I hope so, but where is the "info"? Does those "info" have passive skill to hide their body?

Moodyguy

Asking users to change their password and not allowing them to use one of previous passwords (usually the past 5 passwords) are common and best security practices. Many reliable and secure systems like banking systems would ask their users to do the same thing if they find suspicious activities on users' account.

 

Spotify could provide more information on the suspicious activities; however, that could lead to some security issues. Let's say someone hacked into your Spotify account and was able to change the email address to their address. When you try to login back to your account that has been compromised, do you want Spotify to send your location to the bad guy's email address? No. Also, when your account is compromised, it's likely that your linked accounts like email account are  compromised as well since many people tend to use the same password for multiple accounts; so Spotify can't trust those accounts and send too much information to them.

 

I got the same email from Spotify today and I know the frustrating but Spotify is just trying to protect our accounts as well as our information.

JasonPotter
I constantly get this spurious 'suspicious activity' email, usually after I've spent time on Spotify - the suspicious activity is never specified, I suspect it's inaccurate Spotify bots becoming 'aware' of legitimate account-holders simply logging on.

I suggest Spotify makes its bots more accurate to prevent further pointless annoyance.

Lostdragon5

I've begun getting these same emails constantly for the past few months with no reasoning or explanation. The only think I can think of that triggers it is that I sometimes forget to turn my music off so it keeps playing one album or playlist all night. If the simple act of forgetting to turn off my music, which I know many many people find themselves doing as well, is enough to mark my account as "suspicious," then what is even the point of using Spotify.

 

The only other 2 possibilities I can think of is that 1) I only recently begun using this account again after many years because I was mainly listening to music through YouTube. Or 2) that this account has been using the free plan for too long showing I don't intend on switching to premium, so now they're trying to bully my into it.

 

There hasn't been any other log in on my account besides my phone and my laptop and there is no specification. If this were a more urgent service, like a Bank account, then I can understand this method of security emails, but since it's just streaming music on a free account, there is no need for it to be so cryptic and so overly sensitive to simply using your account in the first place. And if they really did think their service so important to need such a vague security method, then they should've enabled 2 factor authentication a long time ago as well as being able to mark a device/IP address as safe while needing to authorize unknown ones.

Suggested posts