I was listening to music on my Spotify account on my way to work when suddenly the sound stopped.
I looked at my phone screen to see that ‘Anna’s phone’ was now somehow connected to my Spotify and playing her music on my account.
While I couldn’t hear what was playing, I could see it and could see whoever now had control of my account flipping through songs.
I shut Spotify and opened it again and it was back to my account but under ‘recently played’ and ‘popular playlists’ was the list of, presumably, the hacker’s music, rather than my own.
Thinking of it as odd, I ignored it but just two days later, when I opened Spotify, it said that I was listening to music through a laptop on Chrome.
I definitely wasn’t and I couldn’t get rid of the person on my account this time. How was someone able to get access to my account? And what can I do about it?
Grace Gausden, This is Money, replies: You were shocked you found someone else had access to your Spotify account.
This is a premium account which you currently have as a six-month free trial – it usually costs £9.99 a month and means you don’t have to listen to any adverts. To register, you need to input your card details.
With someone else accessing it, it meant you were unable to listen to your music and could only watch as someone scrolled through their music choices – but on your account.
After closing and reopening the app, you had fortunately regained control but the other person’s music was now displayed all over your playlists, rather than your own.
Your preferences of pop, dance and rock were replaced with heavy trance music, Swedish rap and alternative rap.
Then, just two days later, it happened again. You contacted Spotify, which advised you to change your password.
However, you told them that you had changed your password the first time that your account was taken over and just two days later, someone else – or the same person – had managed to access it again.
You then spoke to an adviser online who managed to do a reset on your account, to a time before the hacker had gained access, meaning that whilst you lost some downloaded music, you were back in control of your own account.
Unfortunately it seems like you are not the only person to have found themselves in this situation.
The streaming giant – founded in Sweden in 2006 and now with 217 million users – has a section on its support pages named ‘someone has taken over my account’, suggesting this is not the first time someone has had this problem.
Aside from advising users to change their Spotify password, it also suggests customers change their password for every other account that could be associated with Spotify, for example, Facebook and email.
This is no doubt a concern as it suggests that hackers would not only be able to access your music collection but also your other personal details online.
For those who are still experiencing the same problem after changing their password, Spotify advises users to get in touch with them. As in your case, they will then try and restore access to your account.
It also tells users to remove access to any third party devices and log out after using Spotify on any public devices.
Luckily, after you asked Spotify to get involved, they did manage to return your account to you but there is still the worry that someone, somehow, will manage to get access again.
Your usual playlists of pop, including Lana Del Rey, were replaced with alternative rap & trance
A spokesperson for Spotify replies: Our internal investigation has indicated to us that Spotify is not connected to the unauthorised user gaining access to your credentials.
However, the most probable and common explanation is that the unauthorised user was able to obtain or derive your credentials based on information exposed in a previous data breach, likely to have occurred on another platform or service.
So-called ‘bad actors’ exploit information disclosed in previous data breaches to crack user credentials on new accounts through ‘credential stuffing’ and other brute force attacks.
We recommend that you check that site to see if the email address associated with your Spotify account has been reported as involved in previous breaches on other sites.
Please also be assured that any unauthorised user would not have had access to your full payment information even if they had access to your Spotify account.
Please rest assured that we take our customers’ privacy very seriously and have implemented significant technical and organisational measures to protect the security and integrity of personal data in Spotify systems.
We also process and store only the hashed values of users’ passwords, so customer passwords in clear text are simply not available to any person through access to Spotify systems.
One Twitter user said not only was his account taken over but his password was also changed
Another user noticed that ‘random people’ kept taking over her phone with their music
Some people found that after their account had been accessed, their details weren’t working
Someone found her Spotify account had been taken over by someone on another continent
Another person noticed someone was using her account after music popped up she hadn’t listened to
Grace Gausden, This is Money, adds: It is reassuring to know that hackers have no access to payment information on users’ accounts, meaning that your money is safe at least – even if you’re not getting the service that you’ve paid for.
However, other people who have been affected by hacking have taken to social media to voice their frustration with the company.
Even though it seems that Spotify have been able to help people quickly recover their accounts, they are blaming data breaches for all of the accounts being hacked.
This seems strange as after you changed your password to a more complex one that you hadn’t used before, a hacker was still able to gain access.
Spotify also didn’t address whether it was able to identify who was doing the hacking.
For anyone who suspects that their Spotify account has been accessed by someone else, they should change their passwords immediately and then get in touch directly with Spotify to see if they can prevent it happening again.
Another way to check if you’re vulnerable is by entering your email address at the website haveibeenpwned.com, which tells you if your details have been breached and potentially sold on the dark web.