Is someone else using your Spotify? Thousands of users sound alarm over account breach
By Seia Ibanez
Streaming services like Spotify have become the soundtrack to our lives, and the security of our online accounts has never been more important.
Unfortunately, it seems that not even our music libraries are safe from the reach of cybercriminals.
Recently, a wave of Spotify users have reported alarming breaches, leaving them locked out of their accounts and at the mercy of hackers with questionable musical tastes.
The incidents came to light as Spotify users shared their experiences on social media.
The most common reports were of sudden, unauthorised changes to account details, including the email addresses linked to users' Spotify memberships. These changes prevented users from accessing their own playlists and streaming history.
But the hackers didn't stop there.
Once inside the accounts, they engaged in a bizarre pattern, following hundreds of fake AI-generated bands and liking several random tracks. This left many users feeling like another user was using the app.
One user recounted their experience: 'I went to bed last night listening to some mainstream stuff and woke up to the most random, off-the-wall artists, songs, and albums saved... Hundreds of them.'
Another chimed in, 'Same here. I changed my password right away, but someone listened to a couple of songs before I did it.'
Despite the growing number of reports, Spotify initially claimed to be unaware of the issue.
However, the company's customer support account on social media platforms has been busy responding to the affected users, though it's unclear if these are personalised responses or automated replies.
A source close to the situation suggested that the problem might not stem from a direct breach of Spotify's systems.
Instead, it appears to be a case of credential stuffing.
This cyberattack involves hackers obtaining login details from other compromised services or the dark web and then using those credentials to gain unauthorised access to multiple accounts across different platforms.
The success of this method relies on the all-too-common practice of users recycling the same username and password combinations.
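As an added example (not from the article or from Spotify), the pattern described above can be recognised in login logs: one source trying many different accounts with mostly failures, then changing the email address on an account it got into. The event format, thresholds, function name and sample data are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample auth events (not real data):
# (timestamp_seconds, source_ip, account, event)
EVENTS = [
    (0, "203.0.113.7", "alice", "login_fail"),
    (2, "203.0.113.7", "bob", "login_fail"),
    (4, "203.0.113.7", "carol", "login_fail"),
    (6, "203.0.113.7", "dave", "login_ok"),
    (8, "203.0.113.7", "erin", "login_fail"),
    (9, "203.0.113.7", "dave", "email_change"),
    # A legitimate user mistyping a password: one account only.
    (10, "198.51.100.20", "frank", "login_fail"),
    (15, "198.51.100.20", "frank", "login_fail"),
    (20, "198.51.100.20", "frank", "login_ok"),
    (30, "198.51.100.20", "frank", "email_change"),
]

def find_stuffing(events, window=60, min_accounts=4, max_ok_ratio=0.5):
    """Flag source IPs that try many distinct accounts in a short window
    with a low success ratio, and list accounts they took over."""
    by_ip = defaultdict(list)
    for ts, ip, account, event in sorted(events):
        by_ip[ip].append((ts, account, event))
    findings = {}
    for ip, rows in by_ip.items():
        logins = [r for r in rows if r[2] in ("login_ok", "login_fail")]
        for start, _, _ in logins:
            burst = [r for r in logins if 0 <= r[0] - start <= window]
            tried = {acct for _, acct, _ in burst}
            hit = {acct: ts for ts, acct, ev in reversed(burst) if ev == "login_ok"}
            if len(tried) >= min_accounts and len(hit) / len(tried) <= max_ok_ratio:
                # Email change after a successful login from the same source
                # is the lock-out step users reported.
                changed = sorted({acct for ts, acct, ev in rows
                                  if ev == "email_change" and acct in hit
                                  and ts >= hit[acct]})
                findings[ip] = {"accounts_tried": len(tried),
                                "compromised": sorted(hit),
                                "email_changed": changed}
                break
    return findings

if __name__ == "__main__":
    for ip, info in find_stuffing(EVENTS).items():
        print(ip, info)
```

Counting distinct accounts per source, rather than raw failures, is what separates this pattern from a single user mistyping a password.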
Credit: @jplepore / X (formerly known as Twitter)
For those affected, Spotify has outlined steps on its support page to regain control of their accounts.
Users are advised to reset their passwords, sign out of all devices, and revoke access to third-party apps connected to their Spotify account.
‘Our platform and user records are secure, but sometimes breaches on other services mean someone else may log into your Spotify account,’ Spotify said.
‘Rest assured, your financial and security details are never compromised.’
This issue comes after TV streaming company Roku reported over 576,000 compromised accounts in a cyberattack after its initial breach in March.
Roku’s second and more extensive breach was also likely a result of credential stuffing.
Have you been affected by the Spotify account takeovers or by similar attacks on other platforms? Share your experiences in the comments below!
Key Takeaways
- Many Spotify users have reported unauthorised access to their accounts, with details changed and control assumed by hackers.
- Suspicions of account breaches were confirmed by unexpected follows of fake AI bands and likes for random tracks, with many noticing a ghostlike presence in the app.
- Spotify customer support has been responding to users' complaints on social media, though there is speculation that some of the responses could be automated.
- The likely cause of this widespread issue is credential stuffing rather than a breach of Spotify's systems, and Spotify advised users to reset passwords and take steps to secure their accounts.