Experts Reaction On Dua Lipa And Other Spotify Artists’ Pages Hacked By Taylor Swift ‘Fan’

Some of the world’s most popular singers have had their Spotify pages defaced by a hacker who posted messages about Donald Trump and Taylor Swift including Lana Del Rey and Dua Lipa had their biographies replaced by the attacker. Daniel, the hacker, replaced these photos with photos of himself. The attacker also asked people to add him on Snapchat, and added the words “Trump 2020”. 

In News: https://www.bbc.co.uk/news/technology-55158317

Experts Comments

December 03, 2020
Tim Mackey
Principal Security Strategist, Synopsys CyRC (Cybersecurity Research Center)
Synopsys
While the details of what weaknesses in Spotify’s security practices remain unknown, the attack highlights an important aspect of all cyber-attacks – the attackers define the rules of their attack. In this case, vandalism is an obvious component, but it could also be but one aspect of their ultimate goal. From a public perspective, without clarity around how the Spotify for Artists web site is related to the consumer Spotify site, I would recommend that all Spotify users take this.....Read More
While the details of what weaknesses in Spotify’s security practices remain unknown, the attack highlights an important aspect of all cyber-attacks – the attackers define the rules of their attack. In this case, vandalism is an obvious component, but it could also be but one aspect of their ultimate goal. From a public perspective, without clarity around how the Spotify for Artists web site is related to the consumer Spotify site, I would recommend that all Spotify users take this opportunity to reset their passwords and review which apps they’ve linked to the Spotify service. Businesses seeking to learn from this incident should ask themselves how quickly they would be able to identify if they had fallen victim to a similar defacement effort. If the answer isn’t affirming, then a review of audit and monitoring practices is in order, along with a review of incident response planning.  Read Less
December 03, 2020
Chris Hauk
Consumer Privacy Champion
Pixel Privacy
While the Spotify Artist Pages hack makes headlines, more important is the recent report of up to 350,000 Spotify user accounts being hacked, exposing sensitive information, including users' email addresses, usernames, and passwords. While Spotify has contacted the users believed to have had their information exposed, even users that haven't been contacted shouldn't feel safe. They should change their password to a secure password, set up the platform's two-factor authentication, check to make .....Read More
While the Spotify Artist Pages hack makes headlines, more important is the recent report of up to 350,000 Spotify user accounts being hacked, exposing sensitive information, including users' email addresses, usernames, and passwords. While Spotify has contacted the users believed to have had their information exposed, even users that haven't been contacted shouldn't feel safe. They should change their password to a secure password, set up the platform's two-factor authentication, check to make sure the password wasn't being used on other sites or services, and invest in and use a password manager. This advice is also applicable to the Dua Lipas and Lana Del Rays of the world.  Read Less
December 03, 2020
Paul Bischoff
Privacy Advocate
Comparitech
The big question about the attack on Spotify is whether it occurred through the artists' portal where they can claim and manage their own pages, or through some other internal Spotify system. Both would be concerning but the latter much more so, as it would require compromising Spotify's security and not just the login information of a few artists. Defacement is a popular sort of sport among a niche community of hackers, though it usually occurs on websites rather than apps.
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.