Announcements

Help Wizard

Step 1

NEXT STEP

FAQs

Please see below the most popular frequently asked questions.

Loading article...

Loading faqs...

VIEW ALL

Ongoing Issues

Please see below the current ongoing issues which are under investigation.

Loading issue...

Loading ongoing issues...

VIEW ALL

Account Compromised? Linked through Facebook - Facebook reports no activity

Account Compromised? Linked through Facebook - Facebook reports no activity

I've noticed behavior similar to the "Spotiamb exploit" issue some people have experienced. The behavior is the player changing the active song to things I have never heard, adding these items to my playlist (sometimes entire albums) and then playing this music on devices I have never approved (So far called Garret and one other which I will add when I see it again).

 

I don't have a password associated with my account so not understanding how it could be hacked. It seems Spotify is using Oauth through Facebook and according to FB my account has not been compromised so seems the issue is on Spotify's end.

Reply
8 Replies

GT-I8200N is the other device.

Also, I have

 

- Told Spotify to log me out of all other devices

- Closed all active FB sessions from their dashboard (didn't see anything malicious though)

- Enabled two step authentication on FB's end (they text me a code to authenticate on a new device)

 

Hour or so after this, the behavior started again. 🙂

Today, again, about three more albums of songs from someone other than me were added to my account.

Facebook reports no authenticated sessions or login attempts.

Had to remove three more albums this morning. At this point I should have left Spotify but really I just want to know what the hell is going on.

@winrid

 

The best course of action when something like that happens is to create a new account with a different email address from the one you're using (Tip: don't use the one you use for Facebook). That will give you a different Spotify username of your choice.

 

Once you have this new account, contact customer support and they'll help you migrate your Premium privileges, library, playlists, friends, etc. to this new account.

 

Connected devices stay with the old account, so you'll have a fresh start without them.
 
osorniosSpotify Star
Help others find this answer and click "Accept as Solution".
If you appreciate my answer, maybe give me a Like.
Note: I'm not a Spotify employee.

What if I'm a user that wants to continue using the social aspects of Spotify? If this is an oAuth related issue won't it solve nothing?

Also without an actual explanation of how this happened how can I be sure it won't happen again? I wasn't compromised through Facebook, right?

@winrid

 

If you like you can link this new account to your Facebook again, but now you won't have to rely in the Facebook login process, since you'll have your very own Spotify username.

 

I don't know how anyone could get access to your account, but from experience I can tell it's not a common occurence.

osorniosSpotify Star
Help others find this answer and click "Accept as Solution".
If you appreciate my answer, maybe give me a Like.
Note: I'm not a Spotify employee.

Suggested posts