Spotify’s ‘fake streams’ problem has a brand-new chapter.
Spotify is insisting that its systems have not been hacked. But numerous users are now reporting that songs by unrecognized artists have appeared in their play histories.
So what gives?
Some security experts believe that the issue could be indicative of some broader vulnerability. Spotify disagrees, but cannot explain why numerous unknown musicians are suddenly cramming the play counts of non-fans.
The unknown group of artists have racked up many thousands of listens. And in every reported case, the users involved have no recollection of playing these artists.
Among the mysterious music artists are the following:
- Bergenulo Five
- Bratte Night
- DJ Bruej
- Doublin Night
While none of these musicians have much of a presence on social media or anywhere else on the internet, they do share a number of similarities.
First, their songs are all relatively short and include little in the way of lyrics. The titles of the songs are also short, and not exactly descriptive.
While many Spotify users have claimed that they have been “forced” to listen to the mysterious artists, some on Twitter seem to be taking it in stride. A user named @robbiegirl called out the hackers of her account by giving them listening statistics. Another user named @FossilArcade offered the hackers song suggestions for future hacks.
These users are clearly not harmed, and mostly laughing it off.
A number of Reddit users seemed more upset. One of these users was a cybersecurity graduate named Callum Dixon, who actually wrote a thesis on Spotify. He believes that the problem is related to access tokens, which allow a website or a social media network to log someone onto a different site.
Even journalists, like Jonathan Griffin of the BBC, have found their playlists hacked with the mysterious recordings. The BBC reportedly asked Spotify for contact information for the artists. When Spotify refused, they tried to contact them on their own, but they received no reply.
What’s more, many of the artists subsequently disappeared from Spotify after the queries.
haha
this is happening to me. I contacted spotify about it on Twitter, they’re pretending this isn’t an issue, however it’s happened 5 times now, once while I was actively listening to music. It’s the same handful of garbage “artists”, all with almost identical “Monthly listeners”, “play counts”, upload dates, etc. It’s clearly a huge security breach they just won’t acknowledge or fix. I provided screenshots, Spotify doesn’t care.