Protect yourself against hacking with Avast One
- Security
- Privacy
- Performance
Spotify is the most popular streaming service in the world, with hundreds of millions of monthly active users. So it’s no surprise that Spotify is a target for hackers. Keep reading to learn the signs that your Spotify account has been hacked and what you can do to recover it. Then, strengthen your online privacy and help prevent hacking with the comprehensive cybersecurity of Avast One.
There are multiple reasons why hackers target Spotify accounts. As a service with a premium subscription option, hackers may target accounts with Spotify Premium to use the features without paying. In some cases the hacker will allow the owner to retain access while using their account without permission. Or, hackers may change the password and upgrade the subscription tier, blocking the owner out of the account. Sometimes, account credentials can even be sold.
This Article Contains:
Because Spotify is the most popular streaming platform globally, with hundreds of millions of monthly active users, hackers have been known to hijack accounts to manipulate streaming numbers. By playing the same song on a loop, the number of streams for otherwise obscure tracks can significantly boost revenue for an artist.
But even free Spotify accounts are at risk. In these cases, the intention may be to collect information that can later be used for a phishing attack, or to gather logins and passwords that may be used across other accounts, such as email, Facebook, or other social media.
Hackers have also been known to access the accounts of high-profile artists as a way to make a political statement or cause chaos.
In 2020, the BBC reported that the profiles of multiple artists, including Lana Del Rey and Dua Lipa, were attacked. The hacker, known as Daniel, posted messages in support of Donald Trump and Taylor Swift and replaced the channel artwork with a picture of his Snapchat icon.
In October 2021, as detailed by NME, the Spotify profile of rapper Tekashi 6ix9ine was hacked. The incident drew intense interest from media and music fans alike due to the obscene imagery that was uploaded to the account.
Unless you have been locked out of your account, it might not be immediately obvious that you have been hacked. If you notice any of the following, your account may have been breached:
Playlists changing or not showing up
Music playing randomly
Your “Recently Played” list shows unfamiliar songs
Notifications about suspicious activity
Unknown social accounts connecting to your account
Unauthorized subscription changes
You've been logged out on all your devices
Your login details aren’t working
Any signs of suspicious activity should be investigated as soon as possible. The first thing to do is to check the status of your account to make sure your email address or subscription plan has not been changed.
Log into your account.
Click Settings.
Go to Account.
Check that your email address has not been changed.
If your contact information has been changed, you should contact Spotify’s support team directly.
Log into your account.
Click Settings.
Go to Account.
Select Receipts to see if your subscription has changed.
If your subscription has been altered without your knowledge, contact Spotify’s support team directly.
Here’s what to do if you still have access to your account but suspect it has been hacked.
The first and most important step to recover your hacked account is to change the password. Here’s how to reset your Spotify password:
Go to the Spotify Password Reset page.
Enter your username or email address and click send.
Spotify will send a reset code via email.
Open the link and choose a strong, unique password.
If you reused your original Spotify password on other accounts, you should also reset these passwords, choosing a new and unique password for each of your accounts.
You likely use your Spotify account on multiple devices — phones, tablets, smart speakers, your car, etc. Make sure you are signed out of each of these devices. Without your new password, your unwanted users will be kicked out. Be aware that this may take up to an hour.
Here’s how to log out of all devices connected to your Spotify account:
Log into your account.
Click Settings.
Go to Account Overview.
Click Sign out everywhere.
Spotify allows you to connect third-party services to your account. If these remain signed in, a hacker could still have access to your account.
Here’s how to disconnect social media accounts and other apps from your Spotify account:
Log into your account.
Click Settings.
Go to Account.
Click Apps, then click Remove Access next to all of them.
Once you have removed access, you can reconnect the ones that you currently use. If you are removing your social channels, make sure you change your passwords for these accounts before reconnecting them.
If your Spotify username or password has been changed, you should contact Spotify’s support team directly.
The recovery process can be quite slow, and you may need to provide documentation to prove your identity and demonstrate that the account is yours. Once your identity is confirmed, Spotify can return your account to you.
If, after regaining control of your account, you find that your playlists are missing, don’t panic! There is a simple method for recovering deleted Spotify playlists:
Log into your account.
Click Settings.
Go to Account.
Click Recover playlists.
In 2020, hackers used a type of brute force attack known as “credential stuffing” to gain access to around 350,000 Spotify accounts. Credential stuffing is a hacking attack that involves testing a username and password that works for one website or application on other sites and apps. If a person has used the same login credentials on multiple accounts, a hacker can gain access to those other accounts.
That’s one reason why it’s so important to use strong, unique passwords to protect your accounts. This is even more important on Spotify, because the platform does not offer two-factor authentication. Using a password manager is a great way to keep track of all your passwords.
To minimize the chances of a hacking incident, never share your account. Sharing your sign-in details to allow friends to access your account increases the risk of a security breach, because you no longer control the number of devices that have access to your login details.
It is not safe to download or access modified apps, including Spotify mod APKs that claim to offer free Spotify Premium features. These are often scams that use unofficial Spotify clients to trick you into sharing personal information or installing unsafe software onto your device.
Only install Spotify from official, trusted sources, and make sure you have security software in place to prevent a malware infection.
Phishing is a common scam that hackers use to steal people’s personal information. In a phishing attack, you may get an email that appears to be from Spotify, claiming there are issues with your account and encouraging you to click through to verify your details.
But if you click the link, you may end up sending your login details or other personal information directly to the hackers. Spotify will not ask you for personal information in their communications, and emails will always come from an @spotify.com address.
If you have any suspicions at all about an email you have received, do not click any links. Instead, verify the status of your account directly through the Spotify app or website.
Your online life is increasingly interconnected, with services like Spotify that run across multiple devices. That’s why it’s so important to use comprehensive cybersecurity that can protect your personal information and help you stay safe online.
Avast One packs a collection of tools to help you prevent phishing, block malware, and protect against online scams. Install Avast One today — completely free.