Spotify accounts 'hacked': users locked out by hijackers who followed fake bands and played random songs

Some Spotify users claim hackers took control of the app while they were using it (PA Archive)

Many Spotify users have said their accounts were breached by hackers who changed their details and took control of the app.

The music streaming service’s customers have shared their shocking experiences on social media.

Some users suspected unauthorised access to their accounts when they noticed changes to the email associated with their Spotify membership. Consequently, they were unable to access their accounts and play music.

Numerous Spotify members said on X, formerly Twitter, that they had noticed suspicious behaviour on their accounts.

One person said the hackers had followed hundreds of fake AI bands. Others claimed that someone had liked random tracks, while many more noticed the ghostlike presence of another user while using the app.

“I went to bed last night listening to some mainstream stuff and woke up to the most random, off-the-wall artists, songs, and albums saved... Hundreds of them,” wrote a Reddit user on the True Spotify subreddit, a forum devoted to the app.

“Same here. I changed my password right away, but someone listened to a couple of songs before I did it,” another user said.

The Reddit post has 81 comments, many from users who claim to have been hacked.

Spotify says it isn't aware of the issue. However, the company’s official customer support account on X has responded to multiple people who posted about the problem — although these may be automated replies.

A person familiar with the matter told the Standard that rather than a breach of Spotify’s systems, a credential stuffing incident was likely.

What is credential stuffing?

This is a type of cyberattack in which hackers obtain login details from an unrelated service or the dark web, and use them to break into multiple services.

The technique sees hackers banking on people using the same username and password combinations across multiple places. They often use automated tools to break into millions of accounts in one swoop.
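For a service on the receiving end, that pattern is visible in login logs: one source tries many different accounts, and most attempts fail. The sketch below is an added example, not code from Spotify or from the original article. The log format, thresholds and function names are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict

# Constructed sample auth log (assumed format): timestamp, source IP, username, result.
SAMPLE_LOG = """\
2024-01-01T02:00:01Z 203.0.113.7 alice@example.com FAIL
2024-01-01T02:00:01Z 203.0.113.7 bob@example.com FAIL
2024-01-01T02:00:02Z 203.0.113.7 carol@example.com FAIL
2024-01-01T02:00:02Z 203.0.113.7 dana@example.com OK
2024-01-01T02:00:03Z 203.0.113.7 erin@example.com FAIL
2024-01-01T02:00:03Z 203.0.113.7 frank@example.com FAIL
2024-01-01T08:15:10Z 198.51.100.20 bob@example.com FAIL
2024-01-01T08:15:25Z 198.51.100.20 bob@example.com OK
"""

def parse(log):
    """Yield (ip, username, succeeded) for each well-formed line; skip the rest."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, ip, user, result = parts
        yield ip, user, result == "OK"

def flag_stuffing_sources(log, min_accounts=5, max_success_ratio=0.3):
    """Return {source_ip: [accounts it logged into]} for sources that tried
    many distinct accounts with a low success ratio (thresholds are assumptions)."""
    accounts = defaultdict(set)   # ip -> distinct usernames attempted
    attempts = defaultdict(int)   # ip -> total login attempts
    hits = defaultdict(set)       # ip -> usernames with a successful login
    for ip, user, ok in parse(log):
        accounts[ip].add(user)
        attempts[ip] += 1
        if ok:
            hits[ip].add(user)
    flagged = {}
    for ip, users in accounts.items():
        ratio = len(hits[ip]) / attempts[ip]
        # A user mistyping a password touches one account; stuffing touches many.
        if len(users) >= min_accounts and ratio <= max_success_ratio:
            # Accounts listed here need a password reset and session revocation.
            flagged[ip] = sorted(hits[ip])
    return flagged

if __name__ == "__main__":
    print(flag_stuffing_sources(SAMPLE_LOG))
```

Real campaigns often spread attempts across many source addresses, so a per-IP count like this is a starting point rather than a complete detection.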

What to do if your Spotify is hacked

On its support page for victims of hacking, Spotify instructs impacted customers to reset their password, sign out everywhere, and remove access to third-party apps.

“Our platform and user records are secure, but sometimes breaches on other services means someone else may log into your Spotify account,” Spotify says.

“Rest assured, your financial and security details are never compromised.”