
Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.

Solved!


Hi all,

Just wanting to draw attention to this. It appears that there is an exploit for Spotify Connect which uses the Spotiamb 0.2.1 extension to hijack user accounts and play a set list of songs. Affected users will see "Spotiamb 0.2.1" appear as an available Spotify Connect device. The result is that their account will, multiple times throughout a day at random intervals, play albums by these two artists, amongst others:

 

Dungeonsd: https://open.spotify.com/album/66xm00as0QlKB2dOE6fUpH

Tony Oldam: https://open.spotify.com/album/3m0eumQjUDrLyAwJmkFMpi

These tracks will interrupt anything the user is currently playing.

Other users are experiencing the exact same behaviour:

https://community.spotify.com/t5/Help-Desktop-Linux-Windows-Web/Random-unsolicited-song-hijacks-play...

https://community.spotify.com/t5/Help-Accounts-and-Subscriptions/Spotify-hacked-by-a-pro/m-p/1178797

 

Could a member of the Spotify team please comment on this? It is somewhat concerning that there appears to be an unaddressed exploit capable of making user accounts play any tracks they wish.

 

Many thanks.

 

 

157 Replies

Hey folks.

 

Just to help clarify, the Spotiamb player has never been hacked to our knowledge. We believe the issue here is attackers guessing passwords. This is easy to fix.

 

@amarmitra You also need to disconnect from all devices like I mentioned in my post above. The issue may not be resolved if you only change your password. Give this a try and post back if it doesn’t work. We’ll gladly get you sorted out.

I have been dealing with this issue for a few weeks now.

 

I used Facebook to create my account, though I do not believe my password was guessed by brute force (16+ characters, upper/lowercase, numbers, and symbols). Regardless, I changed my Facebook password, and logged all devices out of Facebook. Then, I logged all users out of Spotify.

 

This did not resolve the issue.

 

I have tried to create a Spotify device password but I never receive the e-mail.

 

What should my next steps be?

I'm having the same issue. My account is playing random songs every few hours from Spotiamb 0.2.1.

Changing my password and disconnecting all accounts did not help.

 

Any further suggestions?

 

Edit: Case #03650348

Case number from emailing support is #03650348

@gideonshils

 

Hello:

 

Thanks for the case#. I will mention 

I'm getting hit by this exploit as well. It's ridiculously frustrating given that I stream my music into my home system, and I get all that weird music.

How do I get a case opened for this?

FWIW, I did as suggested re disconnecting/passwords (again) and this time it seems to have worked. Haven't seen any sign of Spotiamb for a couple of weeks now. Coincidentally (or not!) my Netflix account was compromised as well, some Spanish-speaking guy getting a free ride on my account.

Asking again, what should my next steps be? Details are in my previous post.

Thanks

Hey @buurin Our support team will need to help you out. Please get in touch with them at the following link.

http://www.spotify.com/about-us/contact/contact-spotify-support/?contact

I am getting properly frustrated with the persistent hijacking of my Spotify account, despite having forced log outs from all devices time and time again. This has been going on for weeks, and I've had to pull over to the side of the road to get my playlist playing again. I'm rather sure that an accident happening as a result of this, and of Spotify's unwillingness/inability to put a stop to it, would make for an interesting talking point across social media.

 

Rorey - can you please have someone help me on this?

Hey @user-removed. Did you see my post right above your last comment? 

 

Please fill out that form then post back with your case number. We'd be happy to chase this up. 

Even better, Spotify support contacted me and converted me to an account
with normal credentials and closed off my old one with Facebook Connect.
I'm monitoring the situation now to see if it happens again 😀

I am having the exact same problem. Spotiamb (which I don't know what kind of program it is, it is not something I ever downloaded) has hijacked my Spotify and plays random music (often similar -- yoga, Zumba, nature noises) every few songs.

 

I tried logging out of all devices, and still this phantom Spotiamb displays itself in my Spotify Connect. It seems clear we have all been targeted with the same malware. 

 

How to stop this? Spotify, please contact me. Longtime premium customer here.

 

B

Also, sorry, I see this is the PC forum, but I would like to note that I am using the desktop version of Spotify on a Mac.

Hi

I feel your pain. However, I did what they suggested - several times - and eventually Spotiamb just went away.

 

Unless it's absolutely necessary, it might help not to have Spotify open on more than one device at a time, because this exploit arrived via Spotify Connect (at least I never saw it). It's an unnecessary complication anyway, in my view.

 

Hope this helps,

Cheers

Mike

PS I'm on a Mac too.

Thanks for the reply, Mike! I will keep trying as you suggest.

I've just tried every step listed on this thread, and I'm getting nowhere. Unfortunately, my personal laptop is down at the moment, and the help desk link is being blocked by my work's security filters.

 

Can someone from Spotify just remove the Facebook log in and create a different account for me? I'm honestly ready to stop paying for the service because the spotiamb issue is so bad.

Logging out and changing passwords worked for me, though the whole new age muzak crap has totally ruined my Year in Music. Sigh.

Same thing happened to me too. First my Netflix turned into Spanish and my pass and mail changed, and now my Spotify plays random music. I'm going to format my PC. Did you find any virus in your PC?

I too am now having this problem. Tried the suggestions and it's removed for now. Will continue to monitor. Annoying to say the least