Maybe Spotify Isn’t as Reliable as We Thought

I don’t know if people are just really bored and have just been hacking Spotify Premium accounts or if it’s Spotify’s annual hacking issues. I just know I’m not the only one who’s been hacked in the past months. Extensively stifling through social media and chat forums suggests that there’s been a considerable increase in users reporting their Spotify Premium accounts have indeed been “hacked”.

This is no new issue. In 2018, Facebook revealed a breach in its servers which affected over 50 

million users. The same access token system can be used to login to Spotify if it’s linked to your Facebook. This seemed like a good idea but is prone to security risks on multiple social media platforms like Facebook. Before this, in 2016, hundreds of Spotify’s usernames and passwords were publicly accessible on Pastebin, which means hackers had access to user credentials even before the breach.

It definitely seems odd that a company as big as Spotify with over 268 million monthly active users, and 130 million premium subscribers,  would be akin to these many security issues. News websites such as the New York Times, Vulture, and Forbes, have speculated whether something more sinister might be at play? 

Well, maybe there is… 

According to a BBC article, ever since Spotify allowed independent artists to upload their music onto the platform without the inclusion of music labels in September 2018, there’s been an uproar of suspicious activity on the server. Artists with no prior music history or digital presence were racking up thousands of streams. Since Spotify’s algorithm provides earnings based on the number of streams an artist generates, things start making sense.  

The user’s names include Bergenulo Five, Bratte Night, DJ Bruej, Hundra Ao, Funkena, and Doublin Night. All had mainstream beats with no lyrics, basic cover art, and non-descriptive song titles. Many have snuck on top popular playlists and streamed their own music through user’s accounts. Many listeners complained that they had never searched or even played music from these artists, but their streaming history referred to as their ‘recently played’ list,  suggested otherwise. 

Bergenulo Five was a fairly popular “fake artist” from the list pertaining to what might be called the “mysterycore” genre. They initially had two albums titles: Sunshine Here and Hit It Now. Each of the songs was about a minute or two short with single-worded titles. After a Reddit, Twitter, and Last FM outrage on fan pages, Spotify stepped in, but only after they presumably racked up about $500 to $600 (about £380 to £460) from 60,000 streams according to BBC. 

Since then, most of these users have been removed from the platform. Spotify confirmed the aforementioned in a statement to BBC but haven't disclosed whether the servers were hacked or not. 

“These artists were removed because we detected abnormal streaming activity in relation to their content. We take the artificial manipulation of streaming activity on our service extremely seriously. Spotify has multiple detection measures in place monitoring consumption on the service to detect, investigate and deal with such activity. We are continuing to invest heavily in refining those processes and improving methods of detection and removal, and reducing the impact of this unacceptable activity on legitimate creators, rights holders and our users.”

Another instance of “fake artists” or scammers gaming the system by faking collabs with famous artists was thoroughly tracked in an article by OneZero. If you’ve been using Spotify for a while now, you know that most artists have a “this is” (followed by their name) playlist. I usually use these when I initially discover or need to find more songs from a particular artist. However, if you listen to tracks 12, 14, and 16 on “This Is Lil Loaded” list, Lil Loaded is mentioned as a  featured artist but he’s not on them at all. Instead, you’ll find an entirely different artist who goes by “Wali Da Great.”

He takes full advantage of Spotify handles their music uploads and metadata to scam his way onto these playlists to get more streams on his music from 2018 to date. If you search his name on Spotify, it seems like he has more songs in the last two years than Taylor Swift does in her entire career, with “fake” features from artists like Tay-K for entire albums which is still available on Spotify’s library. Whereas, fake features from Blueface and up-and-comers such as NFL Toon listed as artists on the tracks have now been removed. He finessed the algorithm by cut-and-pasting a verse or two from old tracks. But when questioned on his authenticity, Wali Da Great claims he was “good friends” with Tay-K and suggested he had permission from the rapper to release the music. As far fetched as this sounds, most of the Tay K songs are still up on Wali’s page but it seems Spotify has separated these tracks from Tay K’s real profile page. 

People have gone to some extreme lengths to inflate their streaming numbers and it shows, but this method has largely flown under the radar: fake accounts on Spotify and Apple Music where aliases were being used to release famous artists’ unreleased songs or scraps from old ones. This is how the process works: Artists who choose to upload independently often use distribution companies like TuneCore or DistroKid which cash out via Paypal or similar systems. Both operate on a two-month and three-month delay respectively and generally stipulate that the users must agree to not distribute copyrighted music, but there are always ways around that; they just lie. 

An investigation by Pitchfork suggests that artists such as Beyoncé, SZA, Rihanna, Kid Cudi, Playboy Carti, and Lil Uzi Vert were among the list of artists whose work was illegitimately repurposed by scammers. Queen Carter and Sister Solana were “alter egos” to Beyoncé and SZA respectively. Fans were shocked with the surprise drop but quickly noticed many of the Beyoncé recordings came from old sessions, and the SZA songs sounded like unfinished demos. The odd thing is that all these fake releases have actually crept up the charts like this: 

“One leaker told Pitchfork that they were paid upwards of $60,000 in royalties this year by DistroKid and TuneCore, after uploading unreleased tracks by artists including Playboi Carti and Lil Uzi Vert onto Spotify and Apple Music… while much of the music was later removed, the documents viewed by Pitchfork indicate that royalties were still paid out, as much as $10,000 at a time”. 

Similarly, when a fake Rihanna album called Angel was uploaded to Apple Music and Itunes in March 2019, it made it to No.67 on the iTunes worldwide albums chart under the alias “Fenty Fantasia.” Playboy Carti’ and Young Nudy’s  “Pissy Pamper / Kid Cudi”  topped the U.S. Viral 50 Chart with upwards of two million streams under the artist name Lil Kambo before it was removed from the library. Imagine how much they made from tracks like this.

This was a game-changer for the music industry and the artists, but I got to admit, the names are quite creative. It’s not a shocker that senior executives in places like Music Business Worldwide are wondering if Spotify itself may be behind all this drama. How can one server have these many security breaches and more? 

Honestly, it’s not just hackers and scammers financially gaming Spotify or Apple music servers, but major corporations like Sony Music who are playing the services at its own game. A report by RollingStone, suggests that Sony “appears to be adopting an ‘if you can’t beat ’em, join ’em’ approach.” Sony Music UK advertised their Sleep & Mindfulness Thunderstorms Playlist on Apple Music and Spotify. The tracks on Spotify contain over 990 tracks, adding up to more than 18 hours of audio in short minute-long continuous segments. They optimize Spotify’s payout scheme; if the user listens to it for more than 30 seconds, they generate revenue. With a continuous playlist and tracks cut into as many possible phrases. It’s actually genius especially because it’s a playlist you just leave on and sleep too. To sum it up, Sony’s capitalizing on its brand name and extensive marketing department to push the playlist practically everywhere, using a carefully calibrated title for search optimization, and waiting for the cash just to *roll in *. 

With all the drama and security issues that Spotify goes through so frequently, I don’t mind finding an alternative service, especially if that means my account and personal details will be safe from scammers and hackers. I might just hop back onto Apple Music.

I think the only possible resolution to all the hacking and security issues would be implementing Two-Factor Authentication support for the streaming service which honestly gives me DUO nightmares, but at least my account won’t be overrun by hackers in Vietnam or Russia. 

If you think your account has been hacked, click here for support.