
What to Do If Your Spotify Account Gets Hacked

Spotify is the most popular streaming service in the world, with hundreds of millions of monthly active users. So it’s no surprise that Spotify is a target for hackers. Keep reading to learn the signs that your Spotify account has been hacked and what you can do to recover it. Then, strengthen your online privacy and help prevent hacking with the comprehensive cybersecurity of Avast One.

Written by Crissy Joshua
Published on June 16, 2023

Why are Spotify accounts being hacked?

There are multiple reasons why hackers target Spotify accounts. Because Spotify has a premium subscription option, hackers may target Spotify Premium accounts to use the features without paying. In some cases, the hacker will let the owner retain access while using the account without permission. Or hackers may change the password and upgrade the subscription tier, locking the owner out of the account. Sometimes, account credentials are even sold.


    Because Spotify is the most popular streaming platform globally, with hundreds of millions of monthly active users, hackers have been known to hijack accounts to manipulate streaming numbers. Playing the same song on a loop inflates the number of streams for otherwise obscure tracks, which can significantly boost revenue for an artist.

    But even free Spotify accounts are at risk. In these cases, the intention may be to collect information that can later be used for a phishing attack, or to gather logins and passwords that may be used across other accounts, such as email, Facebook, or other social media.

    Attacks on Spotify artists

    Hackers have also been known to access the accounts of high-profile artists as a way to make a political statement or cause chaos.

    In 2020, the BBC reported that the profiles of multiple artists, including Lana Del Rey and Dua Lipa, were attacked. The hacker, known as Daniel, posted messages in support of Donald Trump and Taylor Swift and replaced the channel artwork with a picture of his Snapchat icon.

    In October 2021, as detailed by NME, the Spotify profile of rapper Tekashi 6ix9ine was hacked. The incident drew intense interest from media and music fans alike due to the obscene imagery that was uploaded to the account.

    How do I know if my Spotify account has been hacked?

    Unless you have been locked out of your account, it might not be immediately obvious that you have been hacked. If you notice any of the following, your account may have been breached:

    • Playlists changing or not showing up

    • Music playing randomly

    • Your “Recently Played” list shows unfamiliar songs

    • Notifications about suspicious activity

    • Unknown social accounts connecting to your account

    • Unauthorized subscription changes

    • You've been logged out on all your devices

    • Your login details aren’t working

    Check your account information

    Any signs of suspicious activity should be investigated as soon as possible. The first thing to do is to check the status of your account to make sure your email address or subscription plan has not been changed.

    Review your contact information

    1. Log into your account.

    2. Click Settings.

    3. Go to Account.

    4. Check that your email address has not been changed.

    If your contact information has been changed, you should contact Spotify’s support team directly.

    How to locate contact information in Spotify’s Account Settings

    Review your receipts and subscription plan

    1. Log into your account.

    2. Click Settings.

    3. Go to Account.

    4. Select Receipts to see if your subscription has changed.

    If your subscription has been altered without your knowledge, contact Spotify’s support team directly.

    How to locate receipts in Spotify’s Account Settings.

    What to do if your Spotify account has been hacked

    Here’s what to do if you still have access to your account but suspect it has been hacked.

    Reset your password

    The first and most important step to recover your hacked account is to change the password. Here’s how to reset your Spotify password:

    1. Go to the Spotify Password Reset page.

    2. Enter your username or email address and click send.

    3. Spotify will send a reset code via email.

    4. Open the link and choose a strong, unique password.

    How to request a Spotify Password Reset email.

    If you reused your original Spotify password on other accounts, you should also reset these passwords, choosing a new and unique password for each of your accounts.

    Log out of connected devices

    You likely use your Spotify account on multiple devices — phones, tablets, smart speakers, your car, etc. Make sure you are signed out of each of these devices. Anyone using your account without your new password will then be kicked out. Be aware that this may take up to an hour.

    Here’s how to log out of all devices connected to your Spotify account:

    1. Log into your account.

    2. Click Settings.

    3. Go to Account Overview.

    4. Click Sign out everywhere.

    Clicking Sign out everywhere logs you out of your Spotify account on all devices.

    Disconnect social accounts and apps

    Spotify allows you to connect third-party services to your account. If these remain signed in, a hacker could still have access to your account.

    Here’s how to disconnect social media accounts and other apps from your Spotify account:

    1. Log into your account.

    2. Click Settings.

    3. Go to Account.

    4. Click Apps, then click Remove Access next to all of them.

    How to remove third-party app access via Spotify’s Account Settings.

    Once you have removed access, you can reconnect the ones that you currently use. If you are removing your social channels, make sure you change your passwords for these accounts before reconnecting them.

    How to recover a hacked Spotify account

    If your Spotify username or password has been changed, you should contact Spotify’s support team directly.

    The recovery process can be quite slow, and you may need to provide documentation to prove your identity and demonstrate that the account is yours. Once your identity is confirmed, Spotify can return your account to you.

    How to recover your playlists

    If, after regaining control of your account, you find that your playlists are missing, don’t panic! There is a simple method for recovering deleted Spotify playlists:

    1. Log into your account.

    2. Click Settings.

    3. Go to Account.

    4. Click Recover playlists.

    How to recover deleted playlists in Spotify’s Account Settings.

    How to protect your Spotify account from hackers

    Set a strong, unique password

    In 2020, hackers used a type of brute force attack known as “credential stuffing” to gain access to around 350,000 Spotify accounts. Credential stuffing is a hacking attack that involves testing a username and password that works for one website or application on other sites and apps. If a person has used the same login credentials on multiple accounts, a hacker can gain access to those other accounts.

    That’s one reason why it’s so important to use strong, unique passwords to protect your accounts. This is even more important on Spotify, because the platform does not offer two-factor authentication. Using a password manager is a great way to keep track of all your passwords.

    Do not share your account

    To minimize the chances of a hacking incident, never share your account. Sharing your sign-in details to allow friends to access your account increases the risk of a security breach, because you no longer control the number of devices that have access to your login details.

    Only use official clients

    It is not safe to download or access modified apps, including Spotify mod APKs that claim to offer free Spotify Premium features. These are often scams that use unofficial Spotify clients to trick you into sharing personal information or installing unsafe software onto your device.

    Only install Spotify from official, trusted sources, and make sure you have security software in place to prevent a malware infection.

    Watch out for phishing scams

    Phishing is a common scam that hackers use to steal people’s personal information. In a phishing attack, you may get an email that appears to be from Spotify, claiming there are issues with your account and encouraging you to click through to verify your details.

    But if you click the link, you may end up sending your login details or other personal information directly to the hackers. Spotify will not ask you for personal information in their communications, and emails will always come from an @spotify.com address.

    If you have any suspicions at all about an email you have received, do not click any links. Instead, verify the status of your account directly through the Spotify app or website.
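
The sender check described above can be done on a message's raw headers. This is an added example, not part of the original article or any Spotify or Avast tooling: it compares the real From domain exactly against spotify.com and then requires a DMARC pass, because a From line on its own can be forged. The sample messages, the `mx.example` host and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "spotify.com"  # the article's rule: genuine mail is @spotify.com

def sender_domain(msg):
    """Domain of the real From address; the display name is ignored."""
    _, addr = parseaddr(msg.get("From", ""))
    _, at, domain = addr.rpartition("@")
    return domain.lower() if at else ""

def dmarc_passed(msg, domain):
    """True if an Authentication-Results header reports dmarc=pass for domain.
    Assumption: that header was stamped by your own mail provider."""
    want = r"\bheader\.from=" + re.escape(domain) + r"(?![\w.-])"
    for value in msg.get_all("Authentication-Results", []):
        if re.search(r"\bdmarc=pass\b", value, re.I) and re.search(want, value, re.I):
            return True
    return False

def classify(raw):
    msg = message_from_string(raw)
    domain = sender_domain(msg)
    if domain != TRUSTED_DOMAIN:  # exact match, so look-alike domains fail
        return "suspicious: sent from " + repr(domain)
    if not dmarc_passed(msg, TRUSTED_DOMAIN):  # From is forgeable without this
        return "suspicious: claims spotify.com but failed authentication"
    return "sender checks out"

# Constructed sample messages (not real mail).
GENUINE = (
    "Authentication-Results: mx.example; dmarc=pass header.from=spotify.com\n"
    "From: Spotify <no-reply@spotify.com>\n"
    "Subject: Your receipt\n\nThanks for your payment.\n"
)
LOOKALIKE = (
    "Authentication-Results: mx.example; dmarc=pass"
    " header.from=spotify.com.account-check.example\n"
    "From: Spotify Security <alerts@spotify.com.account-check.example>\n"
    "Subject: Verify your account\n\nClick to verify.\n"
)
SPOOFED = (
    "Authentication-Results: mx.example; dmarc=fail header.from=spotify.com\n"
    "From: Spotify <no-reply@spotify.com>\n"
    "Subject: Problem with your account\n\nClick to verify.\n"
)

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("lookalike", LOOKALIKE), ("spoofed", SPOOFED)]:
        print(name, "->", classify(raw))
```

Most mail clients expose the raw headers through a "show original" or "view source" option, which is the text this function expects.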

    Secure your accounts with Avast

    Your online life is increasingly interconnected, with services like Spotify that run across multiple devices. That’s why it’s so important to use comprehensive cybersecurity that can protect your personal information and help you stay safe online.

    Avast One packs a collection of tools to help you prevent phishing, block malware, and protect against online scams. Install Avast One today — completely free.

    Protect yourself against hacking with Avast One

    Free install
