It started out this morning when I was playing through a Chromecast.
I paused/stoped the music on my tablet because I was going out.
When I came back home the music was on, playing the same playlist I was previously listening to. I figured I must have accidetaly pressed next song or something instead of pause - and not hearing that the music started.
Then it happend once more a couple of hours later, still playing from my Chromecast device and the same playlist as before.
This is when I noticed Spotiamb 0.2.1 in the device list.
I revoked all App access from my account and logged out all devices through the link on spotify.com
Logged in again on 2 devices only (Android Tablet and Phone).
An hour later it started playing again, this time through the tablet and some random artist that I've definitely never listed to before.
Now I've logged out all devices, changed password and then logged out all devices again.
yochimo135, the actions I took earlier this week has worked good for me so far. As described above; 1. Revoke all App access 2. Logout all devices 3. Change password 4. Logout all devices
I'm not sure which action (or combination) that solves the issue, but I made them all to be sure.
I wonder how this came to happen, if it's a brute force, exploit or some kind of leak. As far as I know, the combination of username/password I have for Spotify is unique and therefore couldn't have been leaked from some other dump.
I have been hijacked as well. Needless to say this is unacceptable. I'm trying to change my password. But I sign in with a Facebook and that's the only way I know how to sign in to Spotify. I changed my Facebook password and I'm still being hijacked. How can I make a new sign in with my email and a new password?
I attempted to contact Spotify about it through their chat help. I waited over an hour and a half for a specialist but could not get anyone to help me. I talked to three different people who all tried to transfer me to this "specialist" and confirmed they were available before they patched me through but nothing got across :(
At this point, I have disconnected all my devices twice and also changed my password. I just changed my password so hopefully that will help.
I have had Spotify for three years and am the biggest advocate but this is frustrating not being able to get anyone to help :(
I don't understand how Spotify is completely absent from this thread. This is embarrassing for any software developer. Any software where unauthorized users can bypass authentication and gain unauthorized software access is bad code. Spotify, where are you? Where are the patches? There are clearly vulnerabilities within your code allowing this spotiamb exploit to thrive. I am also a Spotify veteran and would hate to migrate to a more secure platform, like Apple Music. Your absence in this thread signifies a lack of care for basic security principles, leaving paying users nervous for your next software exploit you leave open. I am also having the issue. Securely changing passwords does not resolve the issue. Removing external app access will probably fix the problem. Embarrassing, Spotify.