Many Spotify users have said their accounts were breached by hackers who changed their details and took control of the app.
The music streaming service’s customers have shared their shocking experiences on social media.
Some users suspected unauthorised access to their accounts when they noticed changes to the email associated with their Spotify membership. Consequently, they were unable to access their accounts and play music.
Numerous Spotify members said on X, formerly Twitter, that they had noticed suspicious behaviour on their accounts.
One person said the hackers had followed hundreds of fake AI bands. Others claimed that someone had liked random tracks, while many more noticed the ghostlike presence of another user while using the app.
My Spotify got hacked, now I get to spend my sunday unfollowing hundreds of obviously AI bands that the hackers added to my account. Technology rules!! pic.twitter.com/LW7WNPhqO1
— Joe Lepore (@jplepore) April 14, 2024
“I went to bed last night listening to some mainstream stuff and woke up to the most random, off-the-wall artists, songs, and albums saved... Hundreds of them,” wrote a Reddit user on the True Spotify subreddit, a forum devoted to the app.
“Same here. I changed my password right away, but someone listened to a couple of songs before I did it,” another user said.
The Reddit post has 81 comments, many from users who claim to have been hacked.
i'm not a hateful person BUT i hope whoever hacked by spotify and poisoned my algorithm burns
— david griffith (@DMGriffith2) April 13, 2024
Spotify says it isn't aware of the issue. However, the company’s official customer support account on X has responded to multiple people who posted about the problem — although these may be automated replies.
Uhm my Spotify got hacked 😭 pic.twitter.com/C0eAu71kSy
— rowan (@RealityRowan) April 15, 2024
A person familiar with the matter told the Standard that the incident was more likely credential stuffing than a breach of Spotify’s systems.
What is credential stuffing?
This is a type of cyberattack in which hackers obtain login details from an unrelated service or the dark web, then try them against multiple other services.
The technique relies on people reusing the same username and password combinations across multiple places. Hackers often use automated tools to break into millions of accounts in one fell swoop.
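Seen from the defending service's side, that pattern has a recognisable shape in login logs. The sketch below is an added example, not code from the article or from Spotify: the log format, the sample events and the thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample auth events (not real data): timestamp, source IP, username, result.
SAMPLE_LOG = """\
2024-04-14T02:00:01Z 203.0.113.7 alice@example.com FAIL
2024-04-14T02:00:01Z 203.0.113.7 bob@example.com FAIL
2024-04-14T02:00:02Z 203.0.113.7 carol@example.com OK
2024-04-14T02:00:02Z 203.0.113.7 dave@example.com FAIL
2024-04-14T02:00:03Z 203.0.113.7 erin@example.com FAIL
2024-04-14T02:00:03Z 203.0.113.7 frank@example.com FAIL
2024-04-14T02:05:10Z 198.51.100.4 grace@example.com FAIL
2024-04-14T02:05:20Z 198.51.100.4 grace@example.com FAIL
2024-04-14T02:05:31Z 198.51.100.4 grace@example.com OK
2024-04-14T02:06:00Z 192.0.2.9 heidi@example.com OK
"""

def parse_events(log_text):
    """Yield (ip, username, succeeded) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue  # skip malformed lines instead of guessing
        _, ip, user, result = parts
        yield ip, user.lower(), result == "OK"

def find_stuffing_sources(log_text, min_accounts=5,
                          max_tries_per_account=2.0, min_fail_ratio=0.7):
    """Return {ip: accounts it logged in to} for sources matching the pattern.

    Pattern: many distinct accounts, about one try each (a reused password
    either works or it doesn't), mostly failures. Thresholds are assumed.
    """
    attempts = defaultdict(lambda: defaultdict(int))  # ip -> user -> tries
    successes = defaultdict(set)                      # ip -> users logged in
    failures = defaultdict(int)                       # ip -> failed tries
    for ip, user, ok in parse_events(log_text):
        attempts[ip][user] += 1
        if ok:
            successes[ip].add(user)
        else:
            failures[ip] += 1
    flagged = {}
    for ip, per_user in attempts.items():
        total = sum(per_user.values())
        if (len(per_user) >= min_accounts
                and total / len(per_user) <= max_tries_per_account
                and failures[ip] / total >= min_fail_ratio):
            flagged[ip] = sorted(successes[ip])  # candidates for forced reset
    return flagged
```

The owner who mistypes a password three times (one account, several tries) is not flagged; the source that touches six accounts once each is, and the one account it got into is the one that needs a password reset and a sign-out everywhere. Grouping by source IP alone is a simplification, since automated tools can spread attempts across many addresses.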
i need to start taking those password data leaks seriously cos someone just hacked my precious spotify
— jess (@SUKIPAN3SAR) April 16, 2024
What to do if your Spotify is hacked
On its support page for victims of hacking, Spotify instructs impacted customers to reset their password, sign out everywhere, and remove access to third-party apps.
“Our platform and user records are secure, but sometimes breaches on other services mean someone else may log into your Spotify account,” Spotify says.
“Rest assured, your financial and security details are never compromised.”