39 votes

It sure looks like a hacking campaign messed up people's Spotify Wrapped

3 comments

  1. sparksbet
    It's very interesting that there doesn't seem to be any word from Spotify on this hack... very curious to see this one develop.

    7 votes
  2. FluffyKittens
    This is almost certainly just stealers being used to grab Spotify access tokens for the purpose of stream count fraud.

    Seems like this instance reflects a relatively large-scale operation, but the methodology is nothing new and doesn’t indicate any sort of vulnerability on Spotify’s end.

    5 votes
    1. RNG
      I figure it might be the compromise of some 3rd party app (e.g., volt.fm) that has the permissions to stream on behalf of users. If so, should be straightforward for Spotify to tell who was compromised. The attackers also could have just taken advantage of some quirk in Spotify's algorithm, and the content winds up getting played when people just leave their Spotify open for long periods.

      4 votes