Spotify connect security leak??


Hi, I sold my device which I used for Spotify Connect. I removed the device from the device list.

But the device appeared again in the list. I could even connect and play music and control the volume. I verified this with the new owner of the device.

 

So according to me, Spotify should not start streaming to a device when this device is not accessible via your own network (wifi, airplay etc etc) !!!

Which usage scenario needs this "feature"? I can't think of one...

 

A scenario which won't make you happy: You had a party, a few people connected to your device to play music. They go home. They can still play music on your device. Even when they are not connected with your wifi network...


Hey!

Spotify takes security extremely seriously and is constantly looking at new ways to protect users around the world across a range of devices. Could you let me know what device this is? As there are a number of devices which require further action than 'Signing out everywhere' on the Spotify site, as mentioned below the button, I just want to dive a bit deeper and see if this could be the cause.

Thanks!

It is a Marantz NR1506.

Hi @PM80mkll,

 

Thanks for the reply.

 

Have you tried Logging out Everywhere? This should log your account out of all devices. (Note that this does not work for devices like PlayStation or some Sonos systems).

 

The person you've sold the device to can try to perform a factory reset, which should automatically remove all saved user data on the device itself.

 

On another note, if you have any suggestions regarding Spotify Connect, we'd recommend sharing them in our Idea exchange where other Spotify users can add their support and feedback. To find more on how these ideas can get implemented, make sure to take a look at this Spotify Answer.

 

We hope this is helpful but don't hesitate to give us a shout if there's anything else!

Alex, Moderator

1] Indeed that a deleted device comes back should be solved. 

2] But the major part is that I connect to the device, start playing and volume control the device. Even when it's out of reach (Not in my wifi network, bluetooth, airplay etc)

3] It is dangerous too. A friend of mine tells me that sometimes music plays in his car because his daughter connects to Spotify accidentally. It's a Mercedes.

4] Is this allowed regarding privacy law??

5] It should not be possible to connect to a playback device when it is not directly accessible from your device where you select the playback device!!!!

 

Hi there @PM80mkll,

 

Thanks for the quick reply.

 

The way Spotify Connect works is like this - if you log in with your account on a device, your account will stay logged in on that device until you log out manually from the device or use the Log out everywhere function to log out of all devices. It's regardless of your physical location and network, as you can have your account logged in on your phone while being out and about and on your home speaker at the same time.

 

That's why you should make sure you always log out if you've connected your account to someone else's device.

 

You can read more on how to protect your account here

 

As I've mentioned above, you can submit an idea if you have one on how to make the service more secure.

 

Cheers.

Alex, Moderator

OK,

Thanks for your reply.

I think this isn't right.

1] The person who connected to your device has to take the initiative to log out. A person with bad intentions, or who doesn't know, can connect to my device. Accidentally or with bad will.

2] The only way a device owner can solve this is to factory reset the device. In the situation of receivers this is bad. All sound settings are gone.

3] Why is the account stored in the connect device?

4] Why should a user be able to connect and playback when the device is not nearby?

 

 

I entered an Idea. I don't think it is an idea. It's a security issue...

Straight up, this is a full blown security issue and anybody who would kindly suggest it's not does not have your interest in mind. 

It's INSANE that you can join someone's wifi network one time and now control all audio devices in their network from 5000 miles away without any consent. Here's a question, Spotify: when you let someone in your house *1 time*, do you by default give them permission to drive your car, blast your stereo, raid your pantry, and return without consent as they please?

The obvious answer is no, so maybe consider how you've literally enabled a version of that for audio.

Factory default reset on a 2000$ receiver is a completely unacceptable response. Why would I legitimately need to play music on a wifi network that I'm not on? You made something that hurts everyone using HEOS.

 
