This is almost certainly just stealers being used to grab Spotify access tokens for the purpose of stream count fraud. Seems like this instance reflects a relatively large-scale operation, but the...
This is almost certainly just stealers being used to grab Spotify access tokens for the purpose of stream count fraud.
Seems like this instance reflects a relatively large-scale operation, but the methodology is nothing new and doesn’t indicate any sort of vulnerability on Spotify’s end.
I figure it might be the compromise of some 3rd party app (e.g., volt.fm) that has the permissions to stream on behalf of users. If so, should be straightforward for Spotify to tell who was...
I figure it might be the compromise of some 3rd party app (e.g., volt.fm) that has the permissions to stream on behalf of users. If so, should be straightforward for Spotify to tell who was compromised. The attackers also could have just taken advantage of some quirk in Spotify's algorithm, and the content winds up getting played when people just leave their Spotify open for long periods.
It's very interesting that there doesn't seem to be any word from Spotify on this hack... very curious to see this one develop.
This is almost certainly just stealers being used to grab Spotify access tokens for the purpose of stream count fraud.
Seems like this instance reflects a relatively large-scale operation, but the methodology is nothing new and doesn’t indicate any sort of vulnerability on Spotify’s end.
I figure it might be the compromise of some 3rd party app (e.g., volt.fm) that has the permissions to stream on behalf of users. If so, should be straightforward for Spotify to tell who was compromised. The attackers also could have just taken advantage of some quirk in Spotify's algorithm, and the content winds up getting played when people just leave their Spotify open for long periods.