In the last 48 hours, as I write this post, my Spotify account was compromised. More specifically, a Playlist with up to 3.000 songs that I have managed since 2012 had 5/6 of its songs removed. When I found this out, I started writing a Twitter thread, thinking that I could help more people facing this situation and that there was not much information out there.
First, let me explain a little why this Playlist is important to me and how I ended up discovering that thousands of songs had disappeared. This Playlist (named Make This Party Great Again) is the one I use to include any song I may like. Instead of managing several Playlists, I have a single one of my own, while I follow other Playlists from other people. Over 5 years, I’ve reached approximately 3.000 songs that took me years to discover.
2 days ago, while using the Shuffle Mode on this Playlist, I started listening to songs I didn’t recognize. Perhaps I had included them a long, long time ago and I just didn’t remember. But then I realized this was not the case when I saw it was not just one song. Out of 10 songs in a row, I only recognized one or two.
In order to find out what was going on, I went to my computer to take a look at who had included all these songs. I organized my playlist by the name of the user that had included them and just removed all those added by users I didn’t know. When doing this, I saw that the size of my Playlist was now 500 songs. I went from having 3.000 songs to only 500. This means that this user I didn’t know anything about had not only included new music but also removed songs I had included over all these years.
The backup: 2 hours or 1 month before
Doing some Google research, I discovered that it was possible to back up a Playlist. You can use http://www.spotmybackup.com/. With this tool, you log in to your Spotify account and generate a JSON file with all songs from any Playlist you own. You can import and export this file as many times as you want. The catch with this solution is that backups are not retroactive. This means that doing a backup 2 days ago would not let me recover all deleted songs.
So I continued doing some research and fortunately I discovered that there are different reasons why a user may lose songs from their playlists and that Spotify provides support for this. So I reached out to @SpotifyCares on Twitter. They’ve helped me several times in the past. This time, I explained the situation. They asked me for some information in order to know it was me and not another person. With that, they were able to restore the songs of my Playlist as of 2 hours before my first request.
What happened is that all songs I had manually removed were there again. So, in a second request, I asked them if it was possible to do the same thing, reverting the status of my Playlist to 5 days ago. What I discovered was that there were a lot of songs I didn’t know and hundreds of songs missing. This means that the user doing this had been engaging with my Playlist for a few days and not a few hours.
The final solution I suggested in my third request was to revert and try to recover the songs of exactly one month before. While I would lose all songs included in the last 30 days, it was a good solution for me. The problem would be that in the next 24 hours, I would face exactly the same problem.
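As an added example (not from the original post, and not Spotify's or spotmybackup's code): since backups are not retroactive, regular snapshots only help if they are compared. This sketch diffs two snapshots of one playlist and flags a large loss of tracks or tracks added by unknown users. The snapshot fields (`uri`, `name`, `added_by`), the user names and the 10% threshold are assumptions, and the sample data is constructed.

```python
import json

# Constructed sample snapshots. The fields (uri, name, added_by) are an
# assumed layout for this example, not the export format of a specific tool.
BEFORE = [
    {"uri": f"spotify:track:constructed{i:03d}", "name": f"Song {i}", "added_by": "owner"}
    for i in range(1, 7)
]
AFTER = BEFORE[:1] + [
    {"uri": "spotify:track:constructedX", "name": "Song X", "added_by": "unknown_user"},
    {"uri": "spotify:track:constructedY", "name": "Song Y", "added_by": "unknown_user"},
]


def diff_snapshots(before, after, trusted):
    """Return (removed, foreign) for two snapshots of the same playlist.

    removed: tracks present in `before` but missing from `after`.
    foreign: tracks in `after` whose adder is not in the `trusted` set.
    """
    after_uris = {t["uri"] for t in after}
    removed = [t for t in before if t["uri"] not in after_uris]
    foreign = [t for t in after if t.get("added_by") not in trusted]
    return removed, foreign


def tamper_report(before, after, trusted, max_loss=0.10):
    """Summarise the diff and decide whether the change looks like tampering."""
    removed, foreign = diff_snapshots(before, after, trusted)
    loss = len(removed) / len(before) if before else 0.0
    by_adder = {}
    for t in foreign:
        by_adder.setdefault(t.get("added_by"), []).append(t["name"])
    return {
        "removed": [t["name"] for t in removed],
        "loss_ratio": round(loss, 2),
        "foreign_by_adder": by_adder,
        # Either signal alone is worth a look: mass removal or unknown adders.
        "suspicious": loss > max_loss or bool(foreign),
    }


if __name__ == "__main__":
    print(json.dumps(tamper_report(BEFORE, AFTER, {"owner"}), indent=2))
```
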
Terrystunes destroyed my Collaborative Playlist
One day after having solved this issue, I started not recognizing songs from my Playlist again. As I understood the problem, I took note of who was behind it this time. Terrystunes was the name of the user. I did some Google and Twitter research and this is what I found.
As you can see, this user had neither a profile picture nor recent activity. On Google I found one thread in the Spotify Community, created one hour before by someone reporting the same problem, in which Terrystunes was mentioned. So at this time I had the chance of including more details in my report when reaching out to Spotify Support.
When talking with @SpotifyCares via Twitter, I included more information this time. I mentioned that exactly the same thing had happened 24 hours before. Then, for security reasons, they escalated my case to another team that would reach out to me via e-mail.
The final solution
This morning I received an e-mail in which they asked me to log out from any device and confirm to them as soon as this was done. Afterwards they disabled my account for security reasons. Later they responded to me, asking me to change my password through a URL they provided and restoring my playlist songs to one month ago.
While all this solved my problem, I wanted to share my experience and how I solved it step by step. In the Spotify Community report that I and other users filed, a moderator told us that they would take action against the user that caused this:
Regarding the Spotify user responsible for this, we’ll make sure the situation is escalated to the right team and addressed accordingly.
Mario – Spotify Community Moderator
Also, after having this issue, I found that the reason why all this happened is that my Playlist was Collaborative and Public. When a Playlist is Collaborative, any user can add and remove songs. What happened between the first and the second attempt at compromising my Playlist was that when Spotify reverted the Playlist to the state of one month ago, it was restored as Collaborative and Public. I had to manually disable this option so that other users could not make changes. This is something I mentioned to both Spotify Support and the Spotify Community Moderator:
Be aware of this: When Spotify reverts the Playlist to a previous status, it becomes Collaborative, which is what caused the problem at first. In my case, I already switched it manually to non-collaborative, but not all users will pay attention to this detail. If this is not changed by the user, the Playlist will be vulnerable and the problem will happen again. That’s why it happened to me twice this week.
Daniel Afanador in Spotify Community Report
While I solved my problem, it goes without saying that you should be careful with the passwords and logins you manage. I don’t think that this was the reason why all this happened, but you can always take more measures to keep your integrity safe and well. I recommend using a Password Manager, avoiding using the same Password for more than one access and using a VPN.
By the way, if you think your Spotify account has been compromised, visit this link: My account’s been taken over in Spotify Support.