Spotify connect security leak??


PM80mkll
Music Fan

Hi, I sold my device which I used for Spotify Connect. I removed the device from the device list.

But the device appeared again in the list. I could even connect and play music and control the volume. I verified this with the new owner of the device.

So according to me, Spotify should not start streaming to a device when this device is not accessible via your own network (wifi, airplay etc etc) !!!

Which usage scenario needs this "feature"? I can't think of one...

A scenario which won't make you happy: You had a party, a few people connected to your device to play music. They go home. They can still play music on your device. Even when they are not connected with your wifi network...

6 Replies

EthanS1
Community Legend
Hey!

Spotify takes security extremely seriously and is constantly looking at new ways to protect users around the world across a range of devices. Could you let me know what device this is? There are a number of devices which require further action than 'Signing out everywhere' on the Spotify site, as mentioned below the button, so I just want to dive a bit deeper and see if this could be the cause.

Thanks!

PM80mkll
Music Fan

It is a Marantz NR1506.

Alex
Moderator

Hi @PM80mkll,

Thanks for the reply.

Have you tried Logging out Everywhere? This should log your account out of all devices. (Note that this does not work for devices like PlayStation or some Sonos systems).

The person you've sold the device to can try to perform a factory reset, which should automatically remove all saved user data on the device itself.

On another note, if you have any suggestions regarding Spotify Connect, we'd recommend sharing them in our Idea exchange where other Spotify users can add their support and feedback. To find more on how these ideas can get implemented, make sure to take a look at this Spotify Answer.

We hope this is helpful but don't hesitate to give us a shout if there's anything else!

AlexModerator
Help others find this answer and click "Accept as Solution".
If you appreciate my answer, maybe give me a Like.
 
“With freedom, flowers, books, and the moon, who could not be perfectly happy?” ― Oscar Wilde

PM80mkll
Music Fan

1] Indeed, that a deleted device comes back should be solved.

2] But the major part is that I connect to the device, start playing and control the volume of the device. Even when it's out of reach (not in my wifi network, bluetooth, airplay etc).

3] It is dangerous too. A friend of mine tells me that sometimes music plays in his car because his daughter connects to Spotify accidentally. It's a Mercedes.

4] Is this allowed regarding privacy law??

5] It should not be possible to connect to a playback device when it is not directly accessible from your device where you select the playback device!!!!

Alex
Moderator
Moderator

Hi there @PM80mkll,

Thanks for the quick reply.

The way Spotify Connect works is like this - if you log in with your account on a device, your account will stay logged in on that device until you log out manually from the device or use the Log out everywhere function to log out of all devices. It's regardless of your physical location and network, as you can have your account logged in on your phone while being out and about and your home speaker at the same time.

That's why you should make sure you always log out if you've connected your account to someone else's device.

You can read more on how to protect your account here

As I've mentioned above, you can submit an idea if you have one on how to make the service more secure.

Cheers.


PM80mkll
Music Fan

OK,

Thanks for your reply.

I think this isn't right.

1] The person who connected to your device has to take the initiative to log out. A person with bad intentions, or who doesn't know, can connect to my device. Accidentally or with ill will.

2] The only way a device owner can solve this is to factory reset the device. In the situation of receivers this is bad. All sound settings are gone.

3] Why is the account stored in the connect device?

4] Why should a user be able to connect and playback when the device is not nearby?

I entered an Idea. I don't think it is an idea. It's a security issue...
