account hacked no information from spotify

Solved!
Reply

account hacked no information from spotify

hilolow
Casual Listener

Hello Spotify community, 

recently my account was hacked and accessed by a someone else.  I contacted the Spotify support and they immediately froze my account, deleted all CC information, and reset my password.  I provided the Spotify team with the information they requested in order to conduct an investigation.  The Spotify team then confirmed that someone besides me had accessed my account.

 

Once the team confirmed that my account was accessed by someone else I asked Spotify if they could tell me when, where, and what device had logged into my account so I could try and figure out what I did wrong.  I assume they capture this type of information anyway so it shouldn't be a big deal.  However, Spotify would not release any of that information.  I also asked for a copy of Spotify's policies regarding releasing this information and was given nothing.  In fact, the customer service agent wrote back saying, "We ask for these details as we take security seriously and because of this, we cannot give out any details. Again, you can always send us a request through your local enforcement agency and we'll be happy to answer all these questions if need be."

 

Can anyone clear up why this is?  How does taking my security so seriously mean that they cannot share any information with me?  Why do I need to get law enforcement involved?  Seems like a waste of everyone's time.  Anyway would appreciate hearing about anyone else's experience with something similar and understanding why is this such a big secret...  

 

Thanks - 

1 ACCEPTED SOLUTION

Accepted Solutions
Solution!

Re: account hacked no information from spotify

Rock Star 16
Rock Star 16
Hey,
I've done some research I've been told.
'information can only be given to the customer if Law Enforcement decide to Investigate' apparently it's in the terms and conditions.

If you're still not happy let me know and I'll see what I can do
EthanS1Rock Star 16
Help others find this answer and click "Accept as Solution".
If you appreciate my answer, maybe give me a Like.
Note: I'm not a Spotify employee.
4 Replies

Re: account hacked no information from spotify

Rock Star 16
Rock Star 16

Hello! Congrats on making your first post :) Welcome to the community :)

 

Sorry to hear about your recent hacking and I'm happy to hear that the support team resolved this at first but your disatisfied with the way they can not disclose information for you.

 

I've helped on multiple support boards from other companies, Most companies do have a policy when they cannot disclose details that could identify someone for security purposes and to be honest they would need to protect this data.

 

Even though its your account they may have identified something else like the same person doing it and they got to protect it until they built a bigger case!

 

I'll try to find out RE: policy and will get back in touch through the thread

 

Let me know if you have anymore questions!

EthanS1Rock Star 16
Help others find this answer and click "Accept as Solution".
If you appreciate my answer, maybe give me a Like.
Note: I'm not a Spotify employee.

Re: account hacked no information from spotify

hilolow
Casual Listener

Hi EthanlsAmazing,

thanks for commenting.  I appreacite it.  Thanks for looking into the policy portion as well. 

 

I have another quesiton if you're willing.  When a policy is created I imagine it outlines an overarching goal first.  Then there are norms that are established to help achieve the overarching policy.  These norms/steps/subpolicies, whatever they might be called, will then be adjusted over time in order to keep up with the changing landscape with the aim to continueously achieve the overaching polciy.  

 

I guess the issue that I have is understnading what the overarching policy is.  The answers that I have received from spotify are not clear.  Instead of explaining things they state there is a policy and that they can't release anyting. There is no discussion about why, what the pocliy is, what the end goals are, etc.  It feels very much like they are saying "trust us, but we can't tell you anything".  Which, I don't think is really what the policy is designed for - so it feels very much like an off-the-cuff answer that doesn't help move the conversation forward.  I realize there are policies in place, and for a good reason.  However, I'm not sure why Spotify's poclies can't be shared so I can have a better understanding of the currenet situation and why Spotify makes the decisions that it does.  

 

Regarding the information that I'm guessing Spotify has regarding my account.  What is the danger of sharing the information aroud my account with me?  Why not telll me the login date, time, location and device?  Goolge provides me a summary of the different logins to my account at the end of the month.  Microsoft sends me emails if there is a suspiscious login coming from somehwere.  Both companies seem to encourage me to monitor this to ensrue my account is secure. What is the difference between logging into my email or logging into Spotify?  Is Spotify protecting me more by not sharing this information? 

 

But, for arguements sake, lets take this a step further - even if somehow I could pinpoint a person using the data provided, ie. date, time, location, and device logged into my account, why is this bad? Is the assumption that I or someone in my shoes would do something unlawful? What am I going to do with that information except change my passwords and maybe not let them use my devices?  What are we really "proecting" by not sharing anyting?  And if it was common knowlege that this information was released monthly, wouldn't that help deter these imposter logins?  

 

 

Anyway, just some thoghts.  Really I'm just trying to understand why Spotify has made the decisions that it has so I can deicde to continue using the product or not.  I do like Spotify a lot, so it would be a hassle to decide not to continue using it.  But sometimes I can be foolish and stick to my principles despite what I want to do.  Thanks - 

Solution!

Re: account hacked no information from spotify

Rock Star 16
Rock Star 16
Hey,
I've done some research I've been told.
'information can only be given to the customer if Law Enforcement decide to Investigate' apparently it's in the terms and conditions.

If you're still not happy let me know and I'll see what I can do
EthanS1Rock Star 16
Help others find this answer and click "Accept as Solution".
If you appreciate my answer, maybe give me a Like.
Note: I'm not a Spotify employee.

Re: account hacked no information from spotify

hilolow
Casual Listener

Hi EthanlsAmazing,

Thanks again.  I also received the same answer from customer service when I asked.  However, I asked for further information about the company policy and why my login information cannot be shared when companies like Google, Microsoft, etc. share my login date, time, location, and device with me.  

 

As I've been passed along to different customer service representatives the answer has changed and Spotify can share login information about my account with me if I ask for it (no need for law enforcement).  The issue arises when Spotify knows that the specific login into my account is not mine and that the release of this information to me might enable me to identify the person.  

I think it's an interesting conversation as whomever logged into my account knows that logins are tracked and I'm not sure why there is an expectation of privacy or "protection" when one is logging into an account that one is not associated with.  So I've asked Spotify to please reference the laws and specific sections they are referring to which will help me understand why login data around my account must not be shared.  I've also asked what it means to "protect" data and what Spotify's overarching goal is and how not releasing login information to my account achieves this.   

Besides being an interesting discussion I think the whole thing is kind of weird - who logs into someone else's Spotify account and purchases a family plan?  I can see why they would want my address, credit card info, etc... but to purchase a family plan? There have got to be easier methods to listening to music than that... unless their goal is something else.

 

SUGGESTED POSTS