Suspicious Activity

Status: Closed

There doesn't seem to be a way to report suspicious activity, but I wanted to surface a potential incident.

I noticed today that I was suddenly following 3 similarly named playlists, all created by the user dapjs. I definitely didn't do this willingly or knowingly. I have not given my account information to anyone else and it's impossible that someone I know used one of my devices to follow these playlists.

Worried my account may have been compromised, I have already used the "Sign out everywhere" feature and have reset my password. After posting this, I am going to unfollow these playlists.

All 3 of the playlists were made 4 days ago, and already have hundreds of thousands of followers. I'm suspecting there's been some kind of breach in security.

Here is a link to the user's profile:

https://open.spotify.com/user/dapjs


Hey folks,

Thanks for all of your reports. We can confirm the tech team are looking into this, and taking the necessary steps to fix it.

Just to confirm, Spotify has not been compromised and your data is secure. If you're concerned about the security of your account, we'd recommend checking these steps for what to do next.

Thanks!

Comments
MCR

I had the very same issue; it's annoying and frightening.

abourn

I have this same issue as well! All of the playlists are from the user 'dapjs'. Attached you can see the names of the three screenshots that I have. I'm planning to keep these playlists for now in case it would help with Spotify taking a look at the issue, and I'm going to change my password in the meantime.

This is a little worrisome for sure...


This happened to me today. When I opened Spotify this morning there were two playlists that I didn't add to my library:

  • P L E A S U R E "Good Vibes"
  • P L E A S U R E "Cloud Rap"

I unfollowed both of these playlists, then about 6 hours later another playlist was added to my library:

  • P L E A S U R E "Underground Rap"

I would recommend anyone that has this issue to change their password. It's possible that your email address and password were harvested from a data breach - you can check https://haveibeenpwned.com/ to see if your email or username has been leaked in any big breaches.

Edit: Of course it's possible that this isn't related to any data breach and is just the result of some Spotify employee accidentally making 280,000 people follow these playlists. Still, unless Spotify confirm this I would opt to be overly cautious and change your password.

programmerdeus

yeah, I think it's most likely that this was a malicious use of the spotify plugin or api rather than an actual data breach. I've gone to websites before that have spotify embedded in them, and it would automatically sync playing across the web, desktop app, and my phone, so it's very plausible that someone could write a script that would auto-follow a playlist if the api for doing so isn't guarded to only be accessible by spotify-owned apps where they can guarantee such a behavior wouldn't happen.

Hey @programmerdeus, @MCR, @abourn & @user-removed!

Thank you all for posting your concerns to the community. I'd love to help you here. This Spotify Support article outlines how you can get your account secured, and how to report this to Team Spotify.

Cheers,

Tim

programmerdeus

thanks @itspugle, I'm chatting with a spotify representative right now

abourn

Thanks @itspugle

I've submitted a ticket to the support team bringing this issue to their attention, thanks for the advice.

In the meantime, I'm definitely curious about @programmerdeus' theory about the API...I can't think of anywhere I've signed in that would allow a 3rd party to automatically follow these playlists.

My pleasure, @programmerdeus & @abourn! For the matter of security of the system, I think it's best if this discussion is held with Support, not publicly here in the Community 🙂

mattbach

This same exact thing has happened to me. I'll go about resetting my account information but would appreciate a general problem update here so that I do not have to deal with the support team directly.

liannsun98

same issue, v disturbing, would love an update