Potential Security Vulnerability in iPhone App - Unauthorized Spotify Account Usage;

Solved!

Frankly, I'm baffled by this one. Hoping someone else has seen (or solved) a similar problem.

About two months ago, I noticed several playlists from an artist that I did not recognize being listed as "Recently Played" on my iPhone. I listen to all types of music and Spotify's radio feature, but what makes this stand out is that this appears to be Vietnamese Pop music. There are multiple playlists listed under my "Recently Played" playlist from different Vietnamese groups. I listen to Spotify daily and recognize both the playlists before and after this Spotify hijacking, so this part does not make sense to me.

I checked on this message board and saw what options I had. My Spotify account is linked to my Facebook account, so I proceeded to reset my Facebook account password and log out of all Facebook sessions. For what it's worth, I previously had enabled two-factor authentication on my Facebook account, so I know when anyone has attempted to log in to my Facebook account from a new device.

Then, I attempted to log in to Spotify again via my Windows Desktop client and it prompted me to re-login since my Facebook password had been changed. This was to be expected. At this point, I used the Spotify Desktop Client to log out of all devices.

So, changed my password, logged out of all devices. All was well for the next few months until a few days ago.

I noticed the same sort of activity - playlists from Vietnamese Pop artists listed as "Recently Played." Specifically, "The Time of My Life" by Tuan Taylor, "I Know You See it" by Rubi Tu Nguyen, and "Make you feel the love" by Tuan Peter Nguyen. Included the names here in case other people are seeing the same sort of artist or genre of music being played on their Spotify account. Hey, who knows?

I could go through the same process of changing my Facebook password and logging out of all devices again, but it appears the same person(s) still have the ability to play music. The one thing I've noticed is that I only see these "Recently Played" songs listed on my iPhone, so maybe I will re-install the Spotify App on this device and see if that changes anything. If that's the case, then maybe there is a Security Vulnerability in the iPhone Spotify App and this should be reported to Spotify's Cybersecurity/SOC/CSIRT and/or Developers team.

I'm throwing this out there, but I work in cybersecurity and will be more than happy to troubleshoot with Spotify's Cybersecurity team offline. I love the service and don't want silly nonsense like this getting in the way of people's listening experience. It's the equivalent of coming home and seeing someone used your toilet that clearly wasn't invited. Hey, they didn't take anything, but it's the principle.


Accepted Solutions
Marked as solution

It's been a few months and I thought I would respond that if you are experiencing this problem, then your account has been compromised.

I confirmed this with Spotify and they need to perform actions on their end in order to remove the unauthorized user(s).

They will perform a number of actions to verify you as the authorized user/account holder.

Spotify did not provide me with any idea as to how my account might have been compromised initially, but they did assure me that their servers were secure.

That sounds great, and I never was overly concerned about my credit card/PII being compromised, but I was somewhat underwhelmed at the explanation they gave me, both as a user and as someone who works in the field of cybersecurity professionally.

I think Spotify is doing itself a disservice by not allowing greater access control over the devices authorized to play from your account. Specifically, geolocations of where devices are authenticating/logging on to the service. Perhaps even offering 2-factor authentication with a PIN sent to a phone number they have on file, allowing access for 30 days from that device. These aren't unrealistic expectations in 2016.

I will continue to use the service as I do think they have a great product, but if my account is compromised in the future and there are no improvements such as the ones I listed above, I will seriously consider other paid-for streaming services for listening to music.

Hope my experience was useful for other members.


17 Replies

Hey @digitaljedi21,

Thanks for the post. Please contact Spotify Support regarding this. They'll look into this.

Contact form: http://bit.ly/SpotifyCF

Facebook: http://bit.ly/SpotifyCaresFB

Twitter: http://bit.ly/SpotifyCaresTW

If you get an automated reply email telling you to check the Knowledgebase or the Spotify Community, you need to reply back to it, even if it's from a no-reply address. Spotify Support usually replies within 24-48 hours.

Maxim, Spotify Star
Help others find this answer and click "Accept as Solution".
If you appreciate my answer, maybe give me a Like.
Note: I'm not a Spotify employee.

I'm getting the exact same issue. Artists - Tuan Taylor, Tu lily Nguyen, Doney Nguyen, Rubi Tu Nguyen, Minh Kendy Nguyen.

It's either a software bug or a family cleaning up on royalties!

I was actually having the same issue, and I think I fixed it, but this is still a security issue on Spotify's end as far as I can tell.

Even though I log into Spotify with Facebook, I found out that I can still click "Forgot my password" at the Spotify login prompt, and it allows me to change the password. I then tried to log in with that new password, and it worked. I figure someone must have been using the old password (which I don't believe I ever set myself, since I've always logged in with Facebook).

Anyway, try changing your Spotify password, and see if that works.

@Spotify: I don't think Spotify should allow people to log in with EITHER a password or a Facebook account, as that negates all the leveraged security benefits from using Facebook's authentication system by bypassing it with a simple password.

Thanks, Brandon. I gave this solution a shot. I signed out of everywhere. Then clicked "Forgot my password", which asked me for my e-mail address. I entered my e-mail address, clicked on the link to reset my password. Set my password. Then tried re-logging in with that password. It did NOT work. But then I tried logging in with my Facebook account, which allowed me to get back into Spotify. Note, I did this on my desktop computer.

So, I'm not exactly sure what my Username is with Spotify since I use Facebook to authenticate. But I did enter the e-mail address that I had the password reset info sent to, and used that same e-mail address to log in, which did not work. Any ideas there?

Either way, I'll monitor and see what happens. I also notified Spotify of this issue with the link @Maximapple included. We'll see if they come back with a solution!

I'll keep people updated if this fixed my issue as well!

I'm glad I posted the artists! It seemed incredibly random. Today, while I was listening to a playlist on Spotify, my device paused at least 3 separate times stating "Spotify has been paused because your account is being used somewhere else."

Honestly, I don't quite understand why, or how, Spotify does not allow you to manually authorize which devices are allowed to use the service and/or show you where your account is logged in via your (public) IP address. This information is absolutely captured by Spotify's servers. It's fair to reason that since Spotify allows a user to log out of all devices for security purposes, they have a list of devices that are registered/listed under a unique user ID. I'm just not sure why they don't allow their users to see this information.

I would state this was a software bug, and it could very well be, Jason, but there seems to be a human behind some of these actions, as they were able to pause playback on my end.
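The two preceding posts make the defender's case: Brandon's point that a plain password login path sits beside the Facebook login, and the point above that the service already holds a per-account list of devices and the IPs they log in from. The example below is added here and is not Spotify's code or anyone in this thread's; it shows what a service (or a SOC reviewing its own session data) could do with that list. It runs three checks over a constructed session log: a session from a device the account holder never enrolled, a password login on an account that normally authenticates through Facebook, and overlapping sessions from different countries within a short window. The log records, field names, known-device list and one-hour window are all assumptions made for the example.

```python
"""Flag suspicious sessions on a streaming account from a per-account session log.

Added example. The records, field layout and thresholds are constructed
assumptions for illustration, not a real provider's data model.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample session log (not real data): one record per login session.
# Fields: user, device_id, country (from login IP), ISO timestamp, auth method.
SESSION_LOG = [
    ("alice", "iphone-A1",      "US", "2016-09-01T08:00:00", "facebook"),
    ("alice", "win-desktop-B2", "US", "2016-09-01T09:30:00", "facebook"),
    ("alice", "android-Z9",     "VN", "2016-09-01T09:45:00", "password"),
    ("alice", "iphone-A1",      "US", "2016-09-02T07:50:00", "facebook"),
    ("alice", "android-Q4",     "VN", "2016-09-02T08:05:00", "password"),
]

# Devices the account holder has enrolled (assumed; in practice the holder
# would confirm each device explicitly, which is the access control the
# thread asks for).
KNOWN_DEVICES = {"alice": {"iphone-A1", "win-desktop-B2"}}

# Accounts that are expected to authenticate only through the linked
# Facebook login, so a password login is itself a signal.
SSO_ONLY_ACCOUNTS = {"alice"}

# Two sessions closer together than this from different countries are
# treated as concurrent use of the account (assumed threshold).
CONCURRENCY_WINDOW = timedelta(hours=1)


def parse(record):
    """Turn one raw log tuple into a dict with a parsed timestamp."""
    user, device, country, ts, method = record
    return {"user": user, "device": device, "country": country,
            "ts": datetime.fromisoformat(ts), "method": method}


def detect(log, known_devices, sso_only, window=CONCURRENCY_WINDOW):
    """Return a list of (alert_kind, user, detail, timestamp) tuples."""
    alerts = []
    sessions = sorted((parse(r) for r in log), key=lambda s: s["ts"])
    enrolled = {u: set(d) for u, d in known_devices.items()}
    already_flagged = defaultdict(set)   # user -> devices alerted on once
    recent = defaultdict(list)           # user -> sessions inside the window

    for s in sessions:
        u, when = s["user"], s["ts"].isoformat()

        # 1. Session from a device the account holder never enrolled.
        #    Alert once per unknown device; do NOT auto-enroll it.
        if s["device"] not in enrolled.get(u, set()) \
                and s["device"] not in already_flagged[u]:
            alerts.append(("new_device", u, s["device"], when))
            already_flagged[u].add(s["device"])

        # 2. Password login on an account that normally uses the linked SSO.
        if u in sso_only and s["method"] == "password":
            alerts.append(("password_on_sso_account", u, s["device"], when))

        # 3. Concurrent sessions from different countries inside the window.
        live = [p for p in recent[u] if s["ts"] - p["ts"] <= window]
        for p in live:
            if p["country"] != s["country"]:
                alerts.append(("concurrent_countries", u,
                               f"{p['country']}->{s['country']}", when))
                break
        live.append(s)
        recent[u] = live

    return alerts


if __name__ == "__main__":
    for alert in detect(SESSION_LOG, KNOWN_DEVICES, SSO_ONLY_ACCOUNTS):
        print(alert)
```

On the constructed log each of the two Vietnamese-IP, password-authenticated sessions from an unenrolled Android device raises all three alerts, while the holder's own iPhone and desktop sessions raise none. The "new device" check is deliberately not self-learning: an unenrolled device stays unenrolled until the account holder approves it, which is the device-authorization control the thread argues the service should expose.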

I'm having the same problem too...

This just started happening to me. I logged out of everything and changed all my passwords and then it happened again.  I got the same pop up I got the first time after I changed my password  - "You are now listening on Sergio Guevara's iphone".  I was concerned I was hacked but after changing all my passwords I'm starting to think it's a glitch.  I'm going to report it.


I have been having this issue since I got my new phone. It is occurring on my old one too now. It even stopped what I was playing to play a Vietnamese song by Nguyen. Is there any way I can fix this, or should I just cancel my Spotify?

I use Samsung Galaxy s7 Active and an s5.

Now it keeps asking me if my account code is correct.

Hello,

You will need to notify Spotify at which time they will cancel your account and verify billing information but you will need to go through Spotify as this is something that needs to be modified on their server side. Hopefully that helps.

So there is no way to fix this?

Every time I open Spotify it shows some Nguyen with different first names. See at the bottom of the screenshot. It shows me throughout the day that a song was recently played, and when I listen it will start playing random songs too now.

Is there any hope of fixing this? I have been with Spotify for 4 years now.

If you discover a way to resolve this on your own, please let the group know. I attempted disconnecting all devices via Spotify. Logging out of all accounts, changing passwords, and somehow this still occurred. When I notified Spotify, they asked for additional information from me to verify I was the authorized owner, then they confirmed that the account had been compromised and removed the unauthorized user/users. Since I've notified Spotify and they removed the unauthorized user(s), I have not had any more of these incidents.

So how do we actually contact Spotify support?

There are no normal links at the bottom of the site pages, and they just give you the community for problem solving?

Oh, and I have 2 unauthorized Samsung phones using my account, just started in the last week or so, right after Christmas.

Tried everything everybody else did except making a new account.

Try this link out: https://support.spotify.com/us/contact-spotify-support/

Select the best option (e.g. Account, Logging In), then select "Other", then click the button "I still need help." If you describe the problem to them, they will route you to the right people.

It's comical how difficult they make it to find these sorts of pages now. I had to dig around in a link Spotify sent to my e-mail in order to "Contact Them."

Good Luck.

Someone keeps hijacking my premium account; it switches my music off and asks if I want to listen on a variety of different devices, recently 'Andrews'. Then whatever I choose, it proceeds to play death metal and other things I would never choose.

There are playlists that I keep deleting being made on my account that also are full of swearing and death metal.

I am a yoga teacher. I use Spotify for my classes, so it is very embarrassing when my yoga music switches off and is replaced by death metal and explicit language. This has been happening for months; I have logged out and changed passwords. I think Spotify is compromised with safety. I would like a reason not to leave; I feel very unsafe at the moment. I have spent a long time making lists that are relevant to my life and it keeps getting hacked. This is not ok.
