Unrecognized / Unauthorized account use by web player - suspected bots


This is an issue that's been plaguing me for several months, and if it continues I may cancel my subscription and just subscribe to Google Play Music.


Several times now I have reset my password, logged out of all devices and removed access by any apps that might be the culprit. I've enabled 2FA through Facebook (how I log in) and removed ALL app access there. I've also completely cleared my cookies/cache in all my browsers, disabled extensions and anything that could possibly have access. I've even purposely not logged into the account from any browser - only the native Mac and/or Android apps.


It seems that web players are somehow gaining access to my account and playing music that not only have I never heard of, but that is also not relevant to my listening history. Sometimes when I'm listening to music, it will stop and just start playing stuff that's completely unfamiliar. Whenever it happens, I see "Web Player" listed as one of the available devices.


The first few times I noticed this, the music I was listening to would stop and start playing something completely different. Even if I changed it back to something within one of my playlists, within 1-2 minutes it would change again. This hasn't happened in a few weeks since the last time I reset my password & cleared everything, but after noticing something similar yesterday I felt it necessary to make this post.


Here's a screenshot of a playlist that started playing while I was not using my account on any devices:

Two things make me suspect that these are just bots using my account:

1) The active device isn't always changed to the web player, rather continuing on whichever one I'm using - so obviously it's not someone actually trying to listen to music.

2) The majority of what gets played is in the vein of "SoundCloud Rap" - artists that have a presence on SoundCloud and are obviously using several methods of promotion on their channels, either paid or cross-channel with other accounts.


To me, this indicates some shady programmatic efforts to inflate play counts for these artists. I know this is something that's naturally going to happen, where people abuse the system for their own gain, and I'm sure Spotify actively takes measures to combat these efforts to garner "false plays", just as false clicks are an issue in the world of Pay Per Click advertising.


By this playlist containing "Campaigns" in the title, I would assume this user account is at the very least complicit in what's going on. If you look into their brand, it appears they offer music management + "placement" services as well: http://www.3sixtymusicgroup.com/


Side note: Sorry if it seems like I'm putting your brand on blast (especially if you're legitimate), I'm just trying to convey some patterns here that may help get to the bottom of a pretty significant issue. I'm sure there are plenty of entities involved in similar (or worse) exploits, yours just happened to be immediately apparent.


While I understand that things like this are bound to happen, MY ISSUE is that Spotify frankly does not offer enough visibility or control to ensure that things like this don't continue to happen. Never mind the nuisance of my music stopping, having to endure the sonic abuse of this garbage music or its effect on my listening profile and the recommendations I get in Discover Weekly (one of my favorite / most-used features in the whole platform).


The fact that I can't see account access details, restrict or even report them is incredibly frustrating. Having limited visibility suggests that Spotify isn't truly concerned about the privacy of its users, especially considering we have absolutely no way to know whether this is an actual breach warranting concern or just some sort of exploit to hijack streaming use.


Please, Spotify, address these issues and provide us with enough assurances that security risks are actively being minimized. Provide us with better tools to report & combat these issues.


Your service has changed the way I listen to and discover new music, and I've advocated to the point of evangelism with everyone I know. But this issue does not bode well for my future as a subscriber.



MacBook Pro (Mid 2015), Samsung Galaxy S9


