Suspicious activity and family members

More a suggestion than an issue, perhaps an Idea if I could post there.

 

Background

I received the "To protect your Spotify account, we've reset your password due to detected suspicious activity" email, and duly set a new password. I am impressed and grateful that the suspicious activity was detected. I am certain that this arose due to my failure to correct a recycled password.

 

Suggestion

I wonder if it would be a good idea to mention in such emails that users with Premium for Family subscriptions should go to their account and delete any "members of your household" that are not.

I don't think it's immediately obvious that the best way to steal a user's subscription is to set up a new family member, effectively hiding the activity. A touch of paranoia made me check every account setting and come across these unknown family members, but this was more alarming than the message in the email as I could actually see some suspicious activity.

Accepted Solutions
Marked as solution

Hey @Hobson99.

 

Thanks for posting your suggestion in the Community.

 

We've passed it on as feedback to the right team, who will take it into consideration and look into it.

 

In the meantime, if anyone who owns a Premium for Family subscription receives an email telling them their password has been reset due to suspicious activity, we recommend they check the members on their plan and remove any that they do not recognise.

 

Hope that helps! Let us know if you have any further questions or concerns.

Marked as solution

Hi Peter

 

Thanks for understanding the nature of the problem and passing it on. I'm hoping that your recommendation that users "check the members on their plan and remove any that they do not recognise" won't only be available to them in this thread, although I've tried to make it as obvious as possible!

8 Replies

Hey @Hobson99, and welcome to the community.

Hope you're doing great!

 

I'm sorry to hear this. I'd recommend checking out this page for more info and the next steps to take (Please follow all of the steps provided).

 

I hope this helps! 🙂 

Billy-J, Spotify Star
Help others find this answer and click "Accept as Solution".
If you appreciate my answer, maybe give me a Like.
Note: I'm not a Spotify employee.

Thanks for the quick reply!

 

I read this help page after resetting my password (to see if there was anything else I should do), and have read it again just now, but it doesn't seem to address the situation I found.

 

My account seems to have been logged on to by someone, who did not take over the account as such but, I suppose, simply accessed content by creating new family members. I would not have been aware of this until e.g. adding another family member.

 

I was trying to suggest that other users should be made aware of this. Taking over an account can have various disruptive effects as stated on the help page; adding a family member is simply accessing a premium subscription without paying for it, which hurts us all.

Thanks for this! I found your post after getting a password reset email, too—checked my Family account and saw three invitations out to people I definitely do not know. I wouldn't have thought to look if you hadn't made the suggestion here.

Hi chialynn

I'm really happy to have helped you!

 

Hopefully word will spread and more people will check their family accounts. I still can't see a solution for this apart from knowing it can happen.

 

 

I had this happen as well - while glad that they spotted the dodgy activity I was staggered by them sending an e-mail from an address that did not at first appear to be genuine (wl.spotify.com - who or what's that?) and worse it having not one but two embedded links in it.

Never, ever send embedded links in unsolicited emails please - can't believe a company dealing with security of an online account would do something so stupid

Hi Lobeyd

 

My email was from no-reply@spotify.com, and while I eventually decided to trust it, I agree that embedded links in an unsolicited email are generally a bad idea.

 

One alternative would be to ask the user to open Spotify, try to log on, and when this fails click on the "Forgot your password" link. Another would be to ask them to go to https://www.spotify.com/password-reset, but without the link.

 

Hobson
