Announcements

Suspicious Activity

Status: Closed

There doesn't seem to be a way to report suspicious activity, but I wanted to surface a potential incident.

I noticed today that I was suddenly following 3 similarly named playlists all created by the user dapjs. I definitely didn't do this willingly or knowingly. I have not given my account information to anyone else and it's impossible that someone I know used one of my devices to follow these playlists.

Worried my account may have been compromised, I have already used the "Sign out everywhere" feature and have reset my password. After posting this, I am going to unfollow these playlists.

All 3 of the playlists were made 4 days ago, and already have hundreds of thousands of followers. I'm suspecting there's been some kind of breach in security.

Here is a link to the user's profile:

https://open.spotify.com/user/dapjs


Hey folks,

Thanks for all of your reports. We can confirm the tech team are looking into this, and taking the necessary steps to fix it.

Just to confirm, Spotify has not been compromised and your data is secure. If you're concerned about the security of your account, we'd recommend checking these steps for what to do next.

Thanks!

 

Comments
kmacinnis

I just had a weird Android phone using my Spotify Connect, so I changed my password, logged out everywhere, removed it from my devices, and noticed I was following some playlists from this user:

https://open.spotify.com/user/tobillo24601

I think there's a security breach.

Jack
Status changed to: Under investigation

Hi all,

We appreciate you sharing your experiences of this in the thread.

Rest assured, our teams are looking into this backstage as we speak. We hope to have an update on the situation from them soon, which we'll share in here.

Thanks!

TheDapperGinger

 @Jacks

Fosfor

Just got an email informing me that I had to reset my password.

DBullard

I have seen the same playlists on my Spotify Account as well as two "additional" family members that were added to my account.

Spotify's public response here is leaving a sour taste in my mouth....

I removed the two additional family members and changed my account password. I'm *really* tempted to cancel my account now...

miclis93

Today, when I turned on Spotify on my laptop, I got a "wrong password" error. It is strange, as I enabled auto log in so there is no way I made an error when typing a password. I immediately recovered my account and changed my password. One week ago, 3 playlists were somehow added to my account and now my password was changed without my knowledge... what is happening?

jpdelmundo

Same issue here

Fosfor

Being forced to change password is a good thing from Spotify.

Hi Spotify User

To protect your Spotify account, we've reset your password. This is because we believe it may have been compromised during a leak on another service with which you use the same password.

Don't worry! This is purely a preventative security measure. Nobody has accessed your Spotify account, and your data is secure.

EazyDuzIt187

I am having the same issue. Some other device has connected to my account. I have not given out my information either and have used the sign out method as well, but as I sign in on my phone I see the device is still there. Unable to connect though. Might not continue my premium after this month.

steevski

Yeah, today I had a bunch of stuff show up in my recent list I've never listened to. Saw someone had attached their iPhone to my account.

I logged everything out and changed my password.

I say it sure looks like a breach at Spotify.

I'm still trying to figure out how Spotify still doesn't have 2FA available. That's embarrassing that they haven't implemented it yet.