Announcements

Potential backdoor - Suspicious artists/users

Potential backdoor - Suspicious artists/users

So I'm sorry if this is against community guidelines but I didn't have a great experience with trying to contact support, and I do feel that the issue should be brought up in case there is something going on. Yesterday my friend's account was hacked, with unknown logins from Mexico and from the USA. The hacker played playlists from a couple of different users that cannot be found through searching, all consisting of songs from suspicious artists.

 

Why I'm posting this: I do have some experience with CS and am getting a degree in cybersecurity, and this situation raises several red flags. Trying to contact support got me nowhere, and I think it's important to get some attention on it even if it does turn out to be nothing.

 

The playlists known:

https://open.spotify.com/playlist/5U1au9XVkOZGEGvElu6kZb?si=VL--nDDhSOeY_ZHuve_TtA

https://open.spotify.com/playlist/7jPCuZ1gixg6z9tRIRwK0Z?si=IeXf3Lk_TQW_FqsIjmxyaA

https://open.spotify.com/playlist/4UhBRQ1GyODndsGyfHRdsw?si=_rEl0467Sauj08YZOrKFWw

https://open.spotify.com/playlist/0DS6kLjSh6ukTD9S8nvD7s?si=cePOMKJ1TVy3k2nZdZKMTQ

https://open.spotify.com/playlist/2ZZHCxczVia7DHFzr5Z8N5?si=nRHD7jT-Q8Km0THZss8AQA

https://open.spotify.com/playlist/4H5EiavlRoOGIMhjXR3Am0?si=8D2mCSXKRyW-6iYDv5Mudw

 

The playlist show up strangely in the app - most of them do not show playlist titles, creator, or followers, which I don't believe you can ordinarily hide.

 

The artists known:

Flying crow (https://open.spotify.com/artist/3gcTWQlxRZYl2jahPP7LDQ?si=6fi-4Gk_QoabkHRYlen-VA)

Confused deer (https://open.spotify.com/artist/5xUnhoS2nJ3ikNKMfSwIu6?si=f6Tp8DZ_RDGVAe6V3RYCkQ)

Proud peony (https://open.spotify.com/artist/3KIbqWzlJgHtSfLB6c0qa3?si=NpSeCG7jQHm9NrRA1CojyQ)

Crazy ice frog (https://open.spotify.com/artist/3n21gIhOYpDQgw4bVu6GVO?si=iDm3_H5KS--kHqppRmxwSg)

Ferocious lion (https://open.spotify.com/artist/2GbLQxA7f9L3IJRx34n4bd?si=j0FCVdI5Rd-pWIf7qc4rmw)

Lonely Wild Goose (https://open.spotify.com/artist/6AOz66ybO6ce5XUVqLb9zB?si=j-R_sGgwQY-DJZ8W_flQbw)

Crazy panther (https://open.spotify.com/artist/4aVp8Xi5HVdl7JXQqMJr17?si=fVt8YxXmSQuHY7RAZWpj9A)

Playful butterfly (https://open.spotify.com/artist/5Co8QPdjNw7ix2fjg41ZfM?si=IJNuu3pCTKGKwm4hnoDwSQ)

Cute little peanuts (https://open.spotify.com/artist/13EnL440BqgXa8jrYpFUwc?si=5Qz-XqeiRpibY4yD6ReBVQ)

 

 

They all have 5-10 songs each, released as singles instead of as an album. All of the songs follow the same naming scheme of a single capital at the beginning of the name, with no punctuation or other capitalization. All three artists released their songs on Dec 23-25, 2020. None of the artists actually exist as far as I can tell. All three artists have their music accredited to "266xxxx Records DK", (the xxxx is 4 digits that vary between artists) which as far as I can find also does not exist. The names given credit for the songs appear to be just random people, most of which appear to be pulled from recent obituaries.  The monthly listeners also follow the same pattern - always Los Angeles, US; New York City, US; and Houston, US in the top 5, with the bottom two varying between artists.

 

The users known:

SUPER MAN (https://open.spotify.com/user/ufoej0jllgq31xgt4jc9co3a5)

Irma (https://open.spotify.com/user/ns1fduzllz2sqpevr12cz0jvd)

LOVE ROLL (https://open.spotify.com/user/qup620ip9n1a8h8bulvv6cys7)

Thorny rose (https://open.spotify.com/user/wna5kcetchlorq4307yrc4wze)

Cunning rabbit (https://open.spotify.com/user/cayko5frw3dh9co8u2mtkh3kp)

Kind grandma (https://open.spotify.com/user/fp5xj1j5qa42w0ubtp2rco5wy)

 

These users all have no profile picture and are missing several key pieces of the profile that you ordinarily can't turn off (followers and following tabs).

 

All of these do point to something unusual going on, and as hesitant as I am to post this publicly for anybody to see, I can't seem to get through to Spotify any other way. I hope I can get some help this way.

Reply
1 Reply

Hey there @huemanatee

 

Thanks for the report and apologies for the poor experience you've faced, I've passed this on to the right folks at Spotify who'll take a look in to this deeper. I can confirm that your account and details are secure, Spotify has a dedicated security team working around the clock to protect your data.

 

I'd recommend if you haven't already with the Support Agent, resetting your password here and Sign out everywhere here

 

I have also passed on the playlists and the details that you have mentioned to Spotify's specialists who'll investigate this and will take the appropriate action. However due to the nature of these investigations I won't be able to come back to you with the outcome as they are dealt with by the specialist teams as I'm sure you understand. Just as a heads up, due to the way Spotify search works it's not always possible to be able to find someone through search.

 

In the meantime, I'd recommend checking out these measures here the teams at Spotify recommend for maintain your account security.

 

Have a lovely week ahead,

 

 

 

 

Suggested posts