Were Spotify Accounts Hacked to Boost Streams for Fake Artists?

Uh-oh. Photo: Daniel Sambraus/Getty Images

If your last Spotify year-in-review looked a little fishy, there’s some bad news to explain why: Your account might’ve been compromised. The BBC reports that several Spotify accounts were victim to a breach where plays for fake artists were planted in people’s listening histories to generate fake streams. Dubbed as “mysterycore,” the BBC and some users discovered artists under names like Bergenulo Five, Dj Bruej, Bratte Night, and more all with no internet presence, suspiciously similar album artwork and track lists, and albums with little to no lyrics and mostly short songs that began showing up in people’s listening histories with irregularly high streams beginning last October.

They’ve determined that these artists are fake, and accounts might’ve been accessed due to a Facebook breach last September that violated access tokens, which are used to allow you to log in to Spotify with your Facebook account. Facebook said at the time that it canceled all compromised access tokens, but BBC sources say some might’ve been missed, though they report that personal information from your Spotify account (like credit-card details) might not have been accessed.

Spotify confirmed in a statement to the BBC that it has removed these fake artists from the platform, but did not go so far as to say the platform was hacked:

“These artists were removed because we detected abnormal streaming activity in relation to their content. We take the artificial manipulation of streaming activity on our service extremely seriously. Spotify has multiple detection measures in place monitoring consumption on the service to detect, investigate and deal with such activity. We are continuing to invest heavily in refining those processes and improving methods of detection and removal, and reducing the impact of this unacceptable activity on legitimate creators, rights holders and our users.”

They denied that the breach had anything to do with the Facebook hack or access tokens, but could not confirm who created the fake artists, how they manipulated people’s accounts, or even if the scheme was successful in getting money from Spotify through royalties. (Spotify began allowing artists to upload music directly to the platform with no label or distributor just before these fakes artists began cropping up, which could also explain how they got onto the platform.) Spotify has come under fire in the past for allegedly paying producers to create fake artists and flood their playlists with those songs as a way of cheating for streams, all of which Spotify denied doing.

Was Spotify Hacked to Boost Streams for Fake Artists?