Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.

Re: Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.

Casual Listener

The same thing happened to me.

It started out this morning when I was playing through a Chromecast.

I paused/stopped the music on my tablet because I was going out.

When I came back home the music was on, playing the same playlist I was previously listening to. I figured I must have accidentally pressed next song or something instead of pause - and not hearing that the music started.

Then it happened once more a couple of hours later, still playing from my Chromecast device and the same playlist as before.

This is when I noticed Spotiamb 0.2.1 in the device list.

I revoked all App access from my account and logged out all devices through the link on spotify.com

Logged in again on 2 devices only (Android Tablet and Phone).

An hour later it started playing again, this time through the tablet and some random artist that I've definitely never listened to before.

Now I've logged out all devices, changed password and then logged out all devices again.

I hope that'll do the trick.

Re: Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.

Regular

I don't know if this is true, but my problem/hijack happened just after I connected my Spotify with Shazam. I don't know if Shazam is the reason, but just in case:

1. I went to Apps and removed all apps from there

2. Changed my Spotify password

3. Went to offline devices and removed all devices that I don't use anymore

4. Signed out from everywhere

Doing this fixed my problem.

Re: Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.

Casual Listener

I got hijacked for the first time 10 minutes ago... I guess I'm stuck with that for the rest of my life?

Solution!

Re: Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.

Casual Listener
yochimo135, the actions I took earlier this week have worked well for me so far.
As described above:
1. Revoke all App access
2. Log out all devices
3. Change password
4. Log out all devices

I'm not sure which action (or combination) solves the issue, but I did them all to be sure.

I wonder how this came to happen, if it's a brute force, exploit or some kind of leak.
As far as I know, the combination of username/password I have for Spotify is unique and therefore couldn't have been leaked from some other dump.

Re: Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.

Casual Listener

I just noticed that Spotiamb had accessed my account this morning, but now that I think back it's probably been happening for about a week. I'd never thought to check the connected devices list.

Just followed the same steps as Chopp, will update in a day or so to see if those steps worked.

Re: Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.

Casual Listener

No further interruptions. Seems that following those steps worked! I'm not sure if it'll work in all cases, but for mine it seemed to have sufficed.

Re: Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.

Newbie
I followed the instructions of changing my password and removing Spotiamb and I haven't had any issues recently. Is there any way my CC information will be compromised from this?

Re: Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.

Casual Listener
I have been hijacked as well. Needless to say this is unacceptable. I'm trying to change my password. But I sign in with Facebook and that's the only way I know how to sign in to Spotify. I changed my Facebook password and I'm still being hijacked. How can I make a new sign in with my email and a new password?

Re: Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.

Newbie

I had the same problem too.

I attempted to contact Spotify about it through their chat help. I waited over an hour and a half for a specialist but could not get anyone to help me. I talked to three different people who all tried to transfer me to this "specialist" and confirmed they were available before they patched me through but nothing got across 😞

At this point, I have disconnected all my devices twice and also changed my password. I just changed my password so hopefully that will help.

I have had Spotify for three years and am the biggest advocate but this is frustrating not being able to get anyone to help 😞

Re: Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.

Casual Listener
I don't understand how Spotify is completely absent from this thread. This is embarrassing for any software developer. Any software where unauthorized users can bypass authentication and gain unauthorized software access is bad code. Spotify, where are you? Where are the patches? There are clearly vulnerabilities within your code allowing this Spotiamb exploit to thrive. I am also a Spotify veteran and would hate to migrate to a more secure platform, like Apple Music. Your absence in this thread signifies a lack of care for basic security principles, leaving paying users nervous for your next software exploit you leave open. I am also having the issue. Securely changing passwords does not resolve the issue. Removing external app access will probably fix the problem. Embarrassing, Spotify.