Spotify accounts have become extremely valuable digital assets for cybercrime networks, warn security experts from Eset. According to an article published on the company's blog in Romania, these accounts are frequently trafficked on the dark web, but also in obscure networks on Telegram, where they are sold in packages, at minuscule prices compared to legitimate subscriptions. The Spotify platform, the world's largest music streaming service, has almost 700 million active users, of which 265 million are premium subscribers - a huge volume of potential targets for phishing attacks and other forms of digital fraud. "Compromised Spotify accounts give criminals access to personal data, payment details, listening habits and connections to social networks or other online services, thus opening the door for identity theft and social engineering attacks," warns Eset.
• Streaming Fraud: Stolen Accounts to Generate Money from Fake Plays
In addition to selling stolen accounts, hackers also use them to generate artificial plays of songs, a practice known as "streaming fraud." Networks of compromised accounts repeatedly play certain songs, thereby increasing the number of plays and generating fraudulent royalties. According to fraud detection platform Beatdapp, over 10% of all song plays are suspected to be fraudulent, which generates losses of up to $3 billion annually for the global music industry.
• How do you know if your account has been compromised?
Eset specialists point out some clear signs that may indicate a compromised Spotify account:
- Phishing emails that mimic official notifications, suggesting payment or subscription issues;
- Fake apps that promise free Spotify Premium or extended features;
- Unexpected changes to your account settings: changed subscription plan, changed email address or payment details;
- Unknown playlists or strange songs in your play history;
- Suspicious devices and locations in your account's "Active devices" section;
- Frequent logouts from the app, a sign that someone else is using your account.
• What to do if your account has been stolen
If you suspect you have been the victim of an attack, the recommended steps are:
- Log out of all devices in your account settings;
- Change your password immediately;
- Check and revoke access to unknown or unused third-party applications;
- Contact Spotify's official support to report the incident and request additional security measures.
The tendency to reuse passwords and the lack of two-step authentication facilitate these attacks. Therefore, Eset recommends using password managers, unique and complex passwords, and enabling multifactor authentication (MFA) whenever possible.