Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.

Solved!
Reply

Re: Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.

SuperBario
Newbie

I too have been hijacked by Spotiamb 0.2.1

 

Not sure if it is coincidence but I have had to investigate slow internet speeds, and apporx 1gb is being uploaded over my network each day. I have no idea why

 

How do i get rid of SPotiamb and what other potential problems can this hack have?

Re: Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.

Rorey
Spotify Legend
Hello @colesl4w @SuperBario @adker @Forsh. Staff here.
 

After further investigation it seems some accounts may have been accessed by attackers guessing the password after multiple tries. 

 

Although it is listed as a Connect device, by no means was the Spotiamb player used in the compromise of accounts. The reason why it appears as a Connect device is because someone logged in with that user's credentials.

 

We recommend resetting your password and disconnecting from all devices using this link. If this does not solve the issue for you we will gladly help out. Send us a message over here then post your case number here.

 

We'll get it looked into immediately.

Highlighted

Re: Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.

willboot
Regular

So I've done what you suggest, deleted all devices (which included a PC laptop that absolutely isn't mine) and changed my password but Spotiamb is still visible on my device list. The message link you supplied throws a 404, so you need to fix that.

 

Possibly related: this message came up when I logged back into my account on my iPhone. I don't have more than three devices.

 

Getting a bit spooked by this. Please sort it out. I gave Apple Music a spin but decided to stay with Spotify, couldn't see any compelling reason to change. Beginning to wonder now.

IMG_0226.PNG

Re: Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.

Adam_B
Roadie

Hey @willboot

 

Are you still having issues after signing out everywhere and resetting your password?

Are you noticing anything else unusual on your account?

 

If so, it'd be best to get in touch with our Accounts team here.

 

Let us know how you get on.

Re: Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.

willboot
Regular

So far today there's no sign of Spotiamb on my device list, so fingers crossed. 

 

Can I repeat that the link you give to Accounts doesn't work?

 

Also note that in the attached recently played list, only 4 out of the 12 - Sam Cooke, Leon Russell, Ed Askew and ZOFO duet - were artists that I actually chose to play myself!

spotiamb.jpg

Re: Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.

Adam_B
Roadie

@willboot Thanks for letting us know!

 

The link's working fine on our end. If you need to use it, try pasting it into an incognito window:

https://support.spotify.com/contact-spotify-anonymous/.

 

Let us know if you see anything else unusual from this.

Re: Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.

bastos
Newbie

After messaging the support team and following all the instructions, my account is still being invaded by Spotiamb.

Re: Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.

Rorey
Spotify Legend

Hey @bastos. We'll get this looked into asap. Someone will be in touch via email shortly. 

Re: Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.

amarmitra
Casual Listener

Ugh... Its the same issue with me. I changed all passwords. I can't listen to my music in peace. 

 

Why is this a mystery? Am I not paying for it?

Re: Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.

user-removed
Not applicable

@amarmitra

 

Hello:

 

What I can do is tag 

SUGGESTED POSTS