Spotify pages for Dua Lipa, Lana Del Rey, Future & others were defaced by an attacker pledging his love for Taylor Swift & Trump.
In the middle of its popular Spotify Wrapped 2020 playlist rollout of the year’s most popular songs, the streaming service is dealing with a security breach, which affected the pages of some of its biggest stars, including Lana Del Rey, Dua Lipa, Future, Pop Smoke & others.
Spotify is the most popular music streaming service in the world with 320m users, says the company.
The target of this attack, says the BBC, was a Spotify site specifically for musicians & their labels, called Spotify for Artists. The site is password-protected to allow only artists & their teams to make changes to the pages. The attacker seemingly bypassed those protections.
The malicious player called himself “Daniel” & used the pop stars’ pages to ask people to follow him on Snapchat, adding “Trump 2020” to the message. Daniel also used the stunt to pledge his love to one pop star in particular: “Best of all shout out to my queen Taylor Swift,” he wrote.
Users shared images of the hijacked pages on Twitter, including one for Lana Del Rey, where Daniel swapped out Lana’s photo for Taylor’s.
Future’s Spotify page featured what is presumably a pic of Daniel listening to Pop Smoke’s page. Images of both takeovers were posted to Twitter by users who generally thought the scam was more funny than dangerous.
The pages appear to have been restored, but Spotify has not responded to requests for comment to confirm that the breach is contained.
Tim Mackey, who is a principal strategist with Synopsys, warned users to take breaches like these seriously — even if their mastermind is a teen punk motivated by a crush on Taylor Swift.
“While the details of what weaknesses in Spotify’s security practices remain unknown, the attack highlights an important aspect of all cyberattacks – the attackers define the rules of their attack,” Mackey observed. “In this case, vandalism is an obvious component, but it could also be but one aspect of their ultimate goal.”
Mackey commented that due to the lack of information from Spotify about the breach, users should review their passwords & security protections for the app.
Reports of the breach came on the same day the streaming service announced its popular ‘2020 Wrapped’ list of the most popular songs & podcasts streamed this year, meaning that one of its most high-profile annual promotions will have to compete with headlines about the security lapse.
The news also comes after account-takeover reports last week. Mackey said the situation should serve as a teachable moment for businesses in any sector.
“Businesses seeking to learn from this incident should ask themselves how quickly they would be able to identify if they had fallen victim to a similar defacement effort,” Mackey advises. “If the answer isn’t affirming, then a review of audit & monitoring practices is in order, along with a review of incident-response planning.”