- Noom is a weight loss program that prioritizes your mental health 2 Months Ago
- Shane Dawson once joked about ejaculating on his cat—and people are furious 2 Months Ago
- Rep. Steve King posts Civil War fantasy meme—accidentally mocks own state Today 8:41 AM
- Gaming company Valve removed tributes to Christchurch shooter Today 8:39 AM
- The best new bands at SXSW 2019 Today 8:00 AM
- You can watch DC Universe’s acclaimed original shows for free Today 6:28 AM
- Ximena Sariñana talks capturing feminine energy on her latest album Today 6:00 AM
- The power of parasocial relationships in the age of loneliness Today 6:00 AM
- How to get started with WhatsApp on desktop Today 5:30 AM
- Netflix will remove controversial disaster footage from ‘Bird Box’ Sunday 4:04 PM
- J.K. Rowling’s latest ‘Fantastic Beasts’ reveal is bringing the memes Sunday 3:01 PM
- President Trump calls for government agencies to ‘look into’ ‘Saturday Night Live’ Sunday 12:18 PM
- How to stream Michael Conlan vs. Ruben Garcia Hernandez for free Sunday 11:00 AM
- ‘Pet Sematary’ is a bloodless remake of a Stephen King classic Sunday 10:50 AM
- Here’s the Marvel movie order list you didn’t know you needed Sunday 9:59 AM
Experts suspect hack after Spotify accounts forced to stream fake bands
Is someone earning thousands of dollars by generating listens for fabricated artists?
Spotify users believe their accounts may have been compromised after noticing fake bands appear unexpectedly in their playlists, the BBC reports.
The incident began last December when users of the music streaming service began reporting that their accounts indicated that they had frequently listened to artists they’d actually never heard of.
The unknown bands have garnered thousands of streams from unsuspecting users and have potentially earned thousands of dollars in the process.
Some of the music groups’ names include “Bergenulo Five, Bratte Night, DJ Bruej and Doublin Night.” Their songs are as short as one minute long, often contain little to no lyrics, and feature “generic cover art, and short, non-descriptive song titles.”
A search by the BBC for any content from the artists’ outside of Spotify also returned “no fan pages, no concert listings, social media accounts or even photos of the actual musicians.”
Many Spotify users shared their confusion on Twitter after noticing the bands mysteriously appear among their top artists for the year 2018.
Highly recommended to all high jackers and account thieves everywhere. pic.twitter.com/mo9moUbSRl
— Graeme – FossilArcade (@FossilArcade) December 10, 2018
Although the BBC says that Spotify failed to respond to their initial inquiries about the issue, the fake bands all disappeared not long after the article was published.
A cybersecurity graduate who also experienced the problem speculated that the incident could be linked to access tokens, which, for example, allow a user to log into Spotify with their Facebook account.
Facebook announced in September 2018 that access tokens from up to 50 million accounts had been compromised, although the number was eventually lowered to 30 million.
Although Facebook says it canceled access token for all affected accounts at the time, experts suggest that some may have been overlooked, which could explain why Spotify accounts are being forced to generate streams and possibly revenue for fake bands.
Spotify eventually confirmed to the BBC that the unknown artists had been removed from the platform but declined to say whether they had been paid.
“We take the artificial manipulation of streaming activity on our service extremely seriously,” the company said. “Spotify has multiple detection measures in place monitoring consumption on the service to detect, investigate and deal with such activity.”
Spotify also denied that the suspicious activity was tied to Facebook access tokens but failed to explain how accounts had been accessed.
While many unknowns remain, it appears entirely likely that someone has made off with thousands of dollars in the fake band debacle.
Mikael Thalen is a freelance journalist based in Seattle, covering all things technology, including social media, data breaches, hackers, and more.