Announcements

Suspicious Activity

Status: Closed

There doesn't seem to be a way to report suspicious activity, but I wanted to surface a potential incident. 

 

I noticed today that I was suddenly following 3 similarly named playlists all created by the user dapjs. I definitely didn't do this willingly or knowingly. I have not given my account information to anyone else and it's impossible that someone I know used one of my devices to follow these playlists.

 

Worried my account may have been compromised, I have already used the "Sign out everywhere" feature and have reset my password. After posting this, I am going to unfollow these playlists. 

 

All 3 of the playlists were made 4 days ago, and already have hundreds of thousands of followers. I'm suspecting there's been some kind of breach in security.

 

Here is a link to the user's profile:

https://open.spotify.com/user/dapjs


Hey folks, 

 

Thanks for all of your reports. We can confirm the tech team are looking into this, and taking the necessary steps to fix it. 

 

Just to confirm, Spotify has not been compromised and your data is secure. If you're concerned about the security of your account, we'd recommend checking these steps for what to do next.

 

Thanks!

 

Comments
patricloseth

I believe the breach at Disqus is the main reason for our accounts being compromised. Using the same e-mail and password on multiple sites is our own fault, but Spotify could at least agree that people's accounts have been used by others. I was active, browsing my playlists while listening to music, when someone else connected and changed music. I had a new device to listen from too, see *FLO* on the attached screenshot.

 

All logins have been terminated and the password has been changed after this, but Spotify should add 2FA ASAP! My music is my holy grail, and I want it to be as safe as possible.

 

Polangua
I never used the same password on any other sites, so must be a direct Spotify breach as well.
EazyDuzIt187

Update: So yesterday I noticed a new device connected to my Spotify listening to German rap... The other person was trying to listen to music at the same time I was. We kept interrupting each other for about 5 minutes before it went away... Anyways, I updated my password and used the sign out of everywhere option. Since then the device has been removed, as it doesn't appear anymore, and I made sure to delete all that German rap haha. I am going to change my email, Facebook etc. just as an extra precaution. If anything happens I'll do another update. But it seems it has worked for me for now.

CamAustin

Same issue, cannot reset my password due to my email being changed by whoever has compromised my account. Haven't heard anything from support on Twitter, and can't change my password until I can change the email associated with my account.

Chris
Status changed to: Closed
