Suspicious Activity

Status: Closed

There doesn't seem to be a way to report suspicious activity, but I wanted to surface a potential incident. 

 

I noticed today that I was suddenly following 3 similarly named playlists, all created by the user dapjs. I definitely didn't do this willingly or knowingly. I have not given my account information to anyone else and it's impossible that someone I know used one of my devices to follow these playlists.

 

Worried my account may have been compromised, I have already used the "Sign out everywhere" feature and have reset my password. After posting this, I am going to unfollow these playlists. 

 

All 3 of the playlists were made 4 days ago, and already have hundreds of thousands of followers. I'm suspecting there's been some kind of breach in security.

 

Here is a link to the user's profile:

https://open.spotify.com/user/dapjs

Hey folks, 

 

Thanks for all of your reports. We can confirm the tech team are looking into this, and taking the necessary steps to fix it. 

 

Just to confirm, Spotify has not been compromised and your data is secure. If you're concerned about the security of your account, we'd recommend checking these steps for what to do next.

 

Thanks!

 

Comments
mattgreenrocks

I'm in the same boat with these playlists. While it is possible it was due to a data breach, I remain skeptical; I use a good password that is not shared with any other service. My listening history doesn't have any surprises. This looks and feels like a programming error to me.

 

One thing I'd really like to see come out of this: a way to show all logged in sessions like Gmail has.

Reqlay

I have the same thing as y'all have. About the API thing, the only website I have used that uses Spotify's API is obscurifymusic.com. Maybe that has something to do with it.

Fosfor

I also got signed up for these.

Did not intentionally sign up, have not accepted any Spotify link that should have added them.

nunoin

Same here. Changed password, will now wait and see...

patricloseth

I have 2-step verification on my account, so my suspicion lies with the applications granted access to interact with my Spotify profile.

 

https://www.spotify.com/us/account/apps/

 

Profile
Allows the profile service to transcode images

PlaylistExport (I suspect this one)
An app to help users export their playlists

After a closer look at this webapp, I've found a user on this forum who made this application for us: https://community.spotify.com/t5/Desktop-Linux-Windows-Web-Player/Export-To-Excel/td-p/76749 (user: jal278)

Last.fm Player
Play tracks on Last.fm through Spotify

Lithium Community - Production
Client application for Lithium Production Community SSO - please contact support@lithium.com for information

support.spotify.com login
Login with SSO from support.spotify.com

Ticketmaster International
The Ticketmaster International App allows you to find events recommended for you by scanning your playlists and recent listens for your favourite artists.

 

Please check what you got on your list so we can compare.

MaríaCamila
Status changed to: Under investigation

Hi guys @programmerdeus, @patricloseth, @nunoin, @Fosfor and @Reqlay, welcome to the Spotify Community!

 

We'll be updating the status of this thread to Under Investigation, and we'll pass on the info to the relevant team. Hopefully they'll find a fix soon.

 

Stay tuned for any updates here. Cheers 🙂

mattbach

I too have:

 

Lithium Community - Production
Client application for Lithium Production Community SSO - please contact support@lithium.com for information

support.spotify.com login
Login with SSO from support.spotify.com

I'm guessing it's Lithium then? It seems Lithium is just the software this community thread operates on.

Fosfor

Year in Music
Spotify Year In Music

Lithium Community - Production
Client application for Lithium Production Community SSO - please contact support@lithium.com for information

support.spotify.com login
Login with SSO from support.spotify.com

phredman

I too was following these playlists.

patricloseth

Any updates on the incident? Where does it come from?