- Gina Rodriguez slammed for promoting ‘American Dirt’ 12 Months Ago
- Netflix says ‘The Witcher’ is its biggest show. Is it really? 12 Months Ago
- Tulsi Gabbard sues Hillary Clinton for podcast comments Today 8:53 AM
- Lizzo reps Beyoncé’s Ivy Park collection in adult-themed TikTok Today 7:58 AM
- Netflix’s ‘Eye for an Eye’ is a fun but messy thriller about revenge Today 7:00 AM
- Which 2020 Democratic candidates post the most cringe? Today 6:30 AM
- The new ‘Hunger Games’ book paints President Snow as a hero—and people are not happy Tuesday 9:03 PM
- Influencer called out for ‘troubling image’ with Kenyan child Tuesday 8:18 PM
- Professor arrested for spending $185K of grant money on iTunes and strippers Tuesday 7:28 PM
- Man cuts his books in half to make them ‘portable,’ spurs online debate Tuesday 6:09 PM
- Fans defend Lana Del Rey after she was mocked for flying commercial Tuesday 5:10 PM
- Lady Gaga fans find alleged new song name in her website’s code Tuesday 4:42 PM
- Barstool Sports deletes anti-union tweets, blog post in settlement Tuesday 3:47 PM
- The ‘can have … as a treat’ meme has come full circle Tuesday 3:09 PM
- Joe Rogan says he’s voting for Bernie Sanders Tuesday 2:54 PM
Spotify users believe their accounts may have been compromised after noticing fake bands appear unexpectedly in their playlists, the BBC reports.
The incident began last December when users of the music streaming service began reporting that their accounts indicated that they had frequently listened to artists they’d actually never heard of.
The unknown bands have garnered thousands of streams from unsuspecting users and have potentially earned thousands of dollars in the process.
Some of the music groups’ names include “Bergenulo Five, Bratte Night, DJ Bruej and Doublin Night.” Their songs are as short as one minute long, often contain little to no lyrics, and feature “generic cover art, and short, non-descriptive song titles.”
A search by the BBC for any content from the artists’ outside of Spotify also returned “no fan pages, no concert listings, social media accounts or even photos of the actual musicians.”
Many Spotify users shared their confusion on Twitter after noticing the bands mysteriously appear among their top artists for the year 2018.
My @Spotify got hacked into this year, so I've no idea who DJ Echores or Bergenulo Five are... but "The Louder I Call, The Faster It Runs" by @wyeoak is seriously special.— Graeme - FossilArcade (@FossilArcade) December 10, 2018
Highly recommended to all high jackers and account thieves everywhere. pic.twitter.com/mo9moUbSRl
Although the BBC says that Spotify failed to respond to their initial inquiries about the issue, the fake bands all disappeared not long after the article was published.
A cybersecurity graduate who also experienced the problem speculated that the incident could be linked to access tokens, which, for example, allow a user to log into Spotify with their Facebook account.
Facebook announced in September 2018 that access tokens from up to 50 million accounts had been compromised, although the number was eventually lowered to 30 million.
Although Facebook says it canceled access token for all affected accounts at the time, experts suggest that some may have been overlooked, which could explain why Spotify accounts are being forced to generate streams and possibly revenue for fake bands.
Spotify eventually confirmed to the BBC that the unknown artists had been removed from the platform but declined to say whether they had been paid.
“We take the artificial manipulation of streaming activity on our service extremely seriously,” the company said. “Spotify has multiple detection measures in place monitoring consumption on the service to detect, investigate and deal with such activity.”
Spotify also denied that the suspicious activity was tied to Facebook access tokens but failed to explain how accounts had been accessed.
While many unknowns remain, it appears entirely likely that someone has made off with thousands of dollars in the fake band debacle.
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.