Spotify Connect Exploit - Spotiamb 0.2.1. - hijacks user accounts to play songs.


Hi all,

Just wanting to draw attention to this. It appears that there is an exploit for Spotify Connect which uses the Spotiamb 0.2.1 extension to hijack user accounts and play a set list of songs. Affected users will see "Spotiamb 0.2.1" appear as an available Spotify Connect device. The result is that their account will, multiple times throughout a day at random intervals, play albums by these two artists, amongst others:

Dungeonsd: https://open.spotify.com/album/66xm00as0QlKB2dOE6fUpH

Tony Oldam: https://open.spotify.com/album/3m0eumQjUDrLyAwJmkFMpi

These tracks will interrupt anything the user is currently playing.


Other users are experiencing the exact same behaviour:

https://community.spotify.com/t5/Help-Desktop-Linux-Windows-Web/Random-unsolicited-song-hijacks-play...

https://community.spotify.com/t5/Help-Accounts-and-Subscriptions/Spotify-hacked-by-a-pro/m-p/1178797

Could a member of the Spotify team please comment on this? It is somewhat concerning that there appears to be an unaddressed exploit capable of making user accounts play any tracks they wish.


Many thanks.


Throwing my hat in the ring of disaffected users. Have done every step users above have cited: revoked access, changed password (used FB to log in, which had a LastPass generated password, and no semblance of a breach detected, so I'm calling foul on this being an issue, but whatever), and removed offline devices. Old friend, spotiamb 0.2.1 showed up again, playing some ambient tunes all night.

Most disappointing? My Discover Weekly is borked.

Just removed Spotify app from _within_ Facebook. We shall see what happens.

Spotify, please fix this.

I have this same issue, except my account was fine until I linked Spotify with my recently acquired Google Home Mini... Spotify seems fine with no outside interference every time I unauthorize Google Home, then as soon as I relink the Google app, it's not ten minutes before someone (usually spotiamb, but have had random usernames pop up as well) starts streaming via my account. Anyone else have an issue with Spotify Connect and the Google Home app?

Seems like I fixed it. Never used FB login, just username and password. Followed these steps:

1. Logged out on all devices

2. Restricted offline access to all devices

3. Restricted all app permissions

4. Changed password

I concur with people's frustrations. I just experienced this problem too with a Premium account. Spotify - this is a security exploit, and you need to address it instead of remaining silent. In the meantime, I've followed the steps that other users generously submitted.

What seemed to solve the issue for me was to enable 'Show local devices only'* in the Spotify settings on my phone. The option doesn't seem to appear in the settings on my PC.

Just to feel more secure I also changed my password.

*Only shows devices on your local WiFi or ethernet in the devices menu

I haven't granted credentials to any apps, etc. The only offline device is my phone.
Changed pw to see if that helps.

Spotify should do something about it, why not just ban Spotiamb. I've got no f* problem canceling my account and switching to Deezer, for example.

https://www.datahand.com/hackers-spotify-spotiamb.html

I am also having this issue. Spotiamb is overtaking my account and playing music randomly. I agree with the post below that Spotify should be in this conversation because I too have been a customer for a few years and am a little skeptical if this is the lack of customer concern for security. I have attached a screenshot of what it looks like.

I am having this issue also and have tried all the troubleshooting mentioned in this thread with no luck. Spotify we need a fix.

I joined this thread simply to say that this is affecting me as well. To clarify some of the points I have read so far:

- changed my account password

- revoked all external app access

- uninstalled the app from any phone(s) which it was installed on

- reinstalled the app on my main phone

I am still seeing the spotiamb message even after the above. 😕

Somehow this seems to be getting worse.

Spotify, your business model is being exploited and your users are being abused. Please acknowledge. Quickly going from being one of the service's biggest boosters to a vocal detractor.

I am another one who is affected. Spotify please just ban Spotiamb!

There's Deezer guys

It would not surprise me if this was a security flaw that has been found within Spotify itself.

It is about time it reached the media as they do not appear to be doing anything about it.

Oh yeah, I just contacted support about this and they told me it was a valid third-party app that I just needed to revoke access for on the apps page. This really looks like a big security *bleep*-up and should be covered by the media, as Spotify doesn't seem interested in fixing this.

I also contacted the support for the Spotiamb problem. The answer (original in Swedish):

"Thank you for writing to us. We have looked at your case and will investigate it.

In the meantime, as a precaution, we blocked all users - including yourself at the moment - from accessing your account. We have also deleted your payment information for security reasons and disconnected your Facebook account.

In order for us to confirm that you are the legitimate account holder, please send one of the following:

- Earliest receipt for one of your Spotify payments. You should be able to find it by searching for "Spotify receipt" in your inbox.

- A screenshot of a Spotify payment on your bank or PayPal excerpt (make sure the date and payment reference are visible on the screen).

Once we have received the above information we can start the survey.

In the meanwhile, we strongly recommend that you change the password for the email address registered for your Spotify account (we do not mean your Spotify password, but the email address password associated with your Spotify account, such as Gmail, Hotmail, etc.)"

Thanks a lot Spotify!

I had to create a new account to share this with you...

I am getting thoroughly sick and tired of this exploit ruining my premium music experience. I have done everything suggested on here 3 times, revoking all access and resetting my account; it's fine for a few days and then lo and behold it's back!

Spotify GET THIS FIXED!!! There are enough users screaming their heads off over this but you don't seem to want to take this seriously! It's not like you are the only streaming service in town!

Have you tried changing password and then revoking access? Worked for me. I must have logged on from somebody else's device at some point.

Thanks Chopp. I have been hijacked too. I followed your advice. In a few days I will share how it worked for me. Thanks

After revoking access and resetting my password, I have found that the content of my daily mixes has changed, and it is aligned with the awful music that Spotiamb played with my account. Any idea to solve this (besides "just wait")?

Marked as solution

Solved.

I got excellent help from the Spotify support staff.

We went through all the motions: Facebook access, revoking, etc. All of which I'd covered on my own.

And then, when we finally got to the point of cutting the cord and restarting my account, a very (very) important question got asked. "Can you login with your Spotify account?" My huh? I'd logged in with FB from the get-go. "Looks like you logged in once with a Spotify account five years ago. Do you remember that password?"

Nope. But, hot-darn that was the solution.

While I'd done everything under the sun to lock down my accounts, you know, since 2015, I'd left a backdoor to Spotify in the form of an account and a password I didn't care about at the time. Who'd have thought that five years later I'd be more concerned that my AI overlord's suggestions would be torn asunder by hacking?

Long story short? Changed and revoked the password. Bonus? The help was able to move my Discover Weekly goodness back to its original goodness.

All is right in the world.