Announcements

Security Issue : Recently Played is full of weird stuff

Security Issue : Recently Played is full of weird stuff

https://community.spotify.com/t5/Content-Questions/my-recently-played-is-full-of-weird-stuff/td-p/46...

 

The same thing is happening to me. Someone is able to get access to my account and play random music without changing the password. Looks like this has happened to many others too. Could be some sort of an attack on Spotify through a security vulnerability.

 

Changed the password (Made it more complicated), logged out everywhere. Did everything mentioned. Issue still persists.

 

For the attacker to change my password - that person needs to know my current password.
For the attacker to click on forget password - that person needs access to my email to reset password. To change the email address on my profile to something else, that person needs my current password.

 

Looks like the attacker is using some other exposed security vulnerability. Hence only the recently played is filled with random songs for me and for a lot of other people complaining about this same issue.

 

Spotify : This issue still exists. Can you please help to resolve the same. 

Reply
7 Replies

Hey @adi, thanks for reaching out to the Community!

I’m sorry to hear about this! In this case, I’d recommend checking out this support article for the next steps to take.

To prevent this from happening in the future, there are many measures you can take to protect your account, such as resetting your password every few months, and not using passwords you have used on other sites. There is also a great guide here for some more measures on protecting your account.

If you see an email from Spotify, and can’t tell if it’s legit, use this checklist. Of course, Spotify makes sure that all user records and platforms are completely secure around the clock.

I hope this helps.

Billy-JSpotify Star
Help others find this answer and click "Accept as Solution".
If you appreciate my answer, maybe give me a Like.
Note: I'm not a Spotify employee.

Thank you for your response.

I have gone through the link and I did the steps mentioned in Spotify Help Page. This issue still happened. 

 

I downloaded my Spotify data to prove to that this issue exists. 

 

The song I was listening to stopped and changed to a random song I have never heard before. I checked the devices menu and there was some other device (browser) connected to the account which I did not recognize. 

 

SONG I WAS LISTENING TO

{
"endTime" : "2021-01-13 03:44",
"artistName" : "Neha Kakkar",
"trackName" : "Dilbar", 
"msPlayed" : 26133
},

 

SONG THAT STARTED PLAYING RANDOMLY
{
"endTime" : "2021-01-13 03:44",        -----------> Same time as the song I played
"artistName" : "Enrico Bsj Ferrari",      -----------> This artist is an Italian artist. 
"trackName" : "Never be the same - Radio edit 2020",
"msPlayed" : 1109
},

 

How can the track change from a song I was listening (from my playlist) to another random Italian song which I never heard in my life exactly at the same minute?

 

This is what makes me think that there could be a security vulnerability exposed with Spotify. 
https://community.spotify.com/t5/Content-Questions/my-recently-played-is-full-of-weird-stuff/td-p/46...


In this post, there were a lot of people affected by this same issue. So it is not just one user. Even more proof that there is a security vulnerability. 

I think you might want to change your email, even if you change your password frequently, I've seen someone write about a bot that forcefully tries to come up with combinations for your password. So, if someone knows your email, then they can use the bot to try and guess the password. 

Or something is wrote with spotify and there is a security vulnerability, as you mentioned.

I have this issue too, even after going through all the steps suggested by Spotify a couple weeks ago, my recently played and even my 'shortcuts' under the Good Morning section are again filled with these same songs, including one that's called "Fuelled by Racist Rhetoric" - I absolutely do NOT want this in my Spotify account.

Screen Shot 2021-02-26 at 09.37.59.png

Hey there @idontwantto123,

 

Thank you for your post in this thread.

 

Can you confirm if you followed all of the steps that @Billy-J provided in the thread?

 

We'll keep an eye out for your reply.

 

Cheers!

JeremyModerator
Help others find this answer and click "Accept as Solution".
If you appreciate my answer, maybe give me a Like.
Live, love, laugh and listen to music 🙂

When this happened, I changed my password, email address and also logged out of all devices. 

 

After a month or so, this happened again. So I again repeated all the steps (change of password and email address + logout of all devices). This is when I requested for data from Spotify to prove this issue does exist. 

 

Since the second email change, this issue has not happened yet but I am on the look out. 

 

But if it is a bot and if it does crack my password and login, then spotify sends an email saying logged in with a new device. If it did, then the person can change the email address and the current password linked to the account. Since this does not happen, I guess the password is not compromised. 

Hey @adi,

 

Thanks for getting back in touch.

 

We're glad to hear that this hasn't happened again. 

 

If the issue comes back, we suggest that you follow the instructions under the Lost anything? section of the article @Billy-J sent previously so our Support team can take a look at your account and help you with this.

 

We're always a post away in case you have any questions.

 

Have a good one!

EniModerator
Help others find this answer and click "Accept as Solution".
If you appreciate my answer, maybe give me a Like.
 
“Music acts like a magic key, to which the most tightly closed heart opens.”– Maria von Trapp

Suggested posts