Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.


Re: Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.

Chopp
Casual Listener

The same thing happened to me.

It started out this morning when I was playing through a Chromecast.

I paused/stopped the music on my tablet because I was going out.

When I came back home the music was on, playing the same playlist I was previously listening to. I figured I must have accidentally pressed next song or something instead of pause - and not hearing that the music started.

Then it happened once more a couple of hours later, still playing from my Chromecast device and the same playlist as before.

This is when I noticed Spotiamb 0.2.1 in the device list.

I revoked all App access from my account and logged out all devices through the link on spotify.com.

Logged in again on 2 devices only (Android Tablet and Phone).

An hour later it started playing again, this time through the tablet and some random artist that I've definitely never listened to before.

Now I've logged out all devices, changed password and then logged out all devices again.

I hope that'll do the trick.

Re: Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.

bulgaria_mitko
Regular

I don't know if this is true, but my problem/hijack happened just after I connected my Spotify with Shazam. I don't know if Shazam is the reason, but just in case:

1. I went to Apps and removed all apps from there
2. Changed my Spotify password
3. Went to offline devices and removed all devices that I don't use anymore
4. Signed out from everywhere

Doing this fixed my problem.

Re: Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.

yochimo135
Casual Listener

I got hijacked for the first time 10 minutes ago... I guess I'm stuck with that for the rest of my life?


Re: Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.

Chopp
Casual Listener

yochimo135, the actions I took earlier this week have worked well for me so far.
As described above:
1. Revoke all App access
2. Logout all devices
3. Change password
4. Logout all devices

I'm not sure which action (or combination) solves the issue, but I did them all to be sure.

I wonder how this came to happen, if it's a brute force, exploit or some kind of leak.
As far as I know, the combination of username/password I have for Spotify is unique and therefore couldn't have been leaked from some other dump.

Re: Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.

Ryanyb
Casual Listener

I just noticed that Spotiamb had accessed my account this morning, but now that I think back it's probably been happening for about a week. I'd never thought to check the connected devices list.

Just followed the same steps as Chopp, will update in a day or so to see if those steps worked.

Re: Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.

Ryanyb
Casual Listener

No further interruptions. Seems that following those steps worked! I'm not sure if it'll work in all cases, but for mine it seemed to have sufficed.

Re: Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.

Foster78david
Newbie

I followed the instructions of changing my password and removing Spotiamb and I haven't had any issues recently. Is there any way my CC information will be compromised from this?

Re: Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.

akbrucke
Casual Listener

I have been hijacked as well. Needless to say this is unacceptable. I'm trying to change my password. But I sign in with Facebook and that's the only way I know how to sign in to Spotify. I changed my Facebook password and I'm still being hijacked. How can I make a new sign-in with my email and a new password?

Re: Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.

carina4714
Newbie

I had the same problem too.

I attempted to contact Spotify about it through their chat help. I waited over an hour and a half for a specialist but could not get anyone to help me. I talked to three different people who all tried to transfer me to this "specialist" and confirmed they were available before they patched me through but nothing got across :(

At this point, I have disconnected all my devices twice and also changed my password. I just changed my password so hopefully that will help.

I have had Spotify for three years and am the biggest advocate but this is frustrating not being able to get anyone to help :(

Re: Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.

Pepstar34
Casual Listener

I don't understand how Spotify is completely absent from this thread. This is embarrassing for any software developer. Any software where unauthorized users can bypass authentication and gain unauthorized software access is bad code. Spotify, where are you? Where are the patches? There are clearly vulnerabilities within your code allowing this Spotiamb exploit to thrive. I am also a Spotify veteran and would hate to migrate to a more secure platform, like Apple Music. Your absence in this thread signifies a lack of care for basic security principles, leaving paying users nervous for your next software exploit you leave open. I am also having the issue. Securely changing passwords does not resolve the issue. Removing external app access will probably fix the problem. Embarrassing, Spotify.