- How to stream WWE’s Clash of Champions 2019 Saturday 8:00 PM
- How ‘F*ck off Scotland’ became a Scottish rallying cry amid Brexit madness Saturday 6:28 PM
- A Missouri officer resigned after his Islamophobic Facebook posts surfaced Saturday 5:08 PM
- Adding ‘Triggered’ to stock photos of white men creates Netflix comedy special thumbnails Saturday 3:10 PM
- New restaurant in New York has a seriously unfortunate name: ‘Qanoon’ Saturday 1:38 PM
- These are the 10 best ‘Star Wars’ ships Saturday 12:41 PM
- Google Maps helped solve a decades-old missing persons case Saturday 12:27 PM
- Teen who plotted deadly swatting prank over Call of Duty argument gets prison time Saturday 11:58 AM
- RIP to the real star of ‘Stranger Things’: Steve Harrington’s mullet Saturday 11:04 AM
- People are sharing their wholesome stories with #Hey19YearOldMe Saturday 9:20 AM
- Review: The Joule is a pricey, sleek, easy-to-use entry into sous vide Saturday 8:00 AM
- How to stream Saints vs. Rams in NFL Week 2 action Saturday 8:00 AM
- How to stream Cowboys vs. Redskins in Week 2 action Saturday 7:30 AM
- How to stream Steelers vs. Seahawks in Week 2 NFL action Saturday 7:30 AM
- Netflix’s ‘Unbelievable’ examines the nature of victimhood and the long road to justice Saturday 7:30 AM
Spotify users believe their accounts may have been compromised after noticing fake bands appear unexpectedly in their playlists, the BBC reports.
The incident began last December when users of the music streaming service began reporting that their accounts indicated that they had frequently listened to artists they’d actually never heard of.
The unknown bands have garnered thousands of streams from unsuspecting users and have potentially earned thousands of dollars in the process.
Some of the music groups’ names include “Bergenulo Five, Bratte Night, DJ Bruej and Doublin Night.” Their songs are as short as one minute long, often contain little to no lyrics, and feature “generic cover art, and short, non-descriptive song titles.”
A search by the BBC for any content from the artists’ outside of Spotify also returned “no fan pages, no concert listings, social media accounts or even photos of the actual musicians.”
Many Spotify users shared their confusion on Twitter after noticing the bands mysteriously appear among their top artists for the year 2018.
My @Spotify got hacked into this year, so I've no idea who DJ Echores or Bergenulo Five are... but "The Louder I Call, The Faster It Runs" by @wyeoak is seriously special.— Graeme - FossilArcade (@FossilArcade) December 10, 2018
Highly recommended to all high jackers and account thieves everywhere. pic.twitter.com/mo9moUbSRl
Although the BBC says that Spotify failed to respond to their initial inquiries about the issue, the fake bands all disappeared not long after the article was published.
A cybersecurity graduate who also experienced the problem speculated that the incident could be linked to access tokens, which, for example, allow a user to log into Spotify with their Facebook account.
Facebook announced in September 2018 that access tokens from up to 50 million accounts had been compromised, although the number was eventually lowered to 30 million.
Although Facebook says it canceled access token for all affected accounts at the time, experts suggest that some may have been overlooked, which could explain why Spotify accounts are being forced to generate streams and possibly revenue for fake bands.
Spotify eventually confirmed to the BBC that the unknown artists had been removed from the platform but declined to say whether they had been paid.
“We take the artificial manipulation of streaming activity on our service extremely seriously,” the company said. “Spotify has multiple detection measures in place monitoring consumption on the service to detect, investigate and deal with such activity.”
Spotify also denied that the suspicious activity was tied to Facebook access tokens but failed to explain how accounts had been accessed.
While many unknowns remain, it appears entirely likely that someone has made off with thousands of dollars in the fake band debacle.
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.