Experts Reaction On Dua Lipa And Other Spotify Artists’ Pages Hacked By Taylor Swift ‘Fan’

By   ISBuzz Team
Writer , Information Security Buzz | Dec 03, 2020 03:28 am PST

Some of the world’s most popular singers have had their Spotify pages defaced by a hacker who posted messages about Donald Trump and Taylor Swift including Lana Del Rey and Dua Lipa had their biographies replaced by the attacker. Daniel, the hacker, replaced these photos with photos of himself. The attacker also asked people to add him on Snapchat, and added the words “Trump 2020”. 

In News:

Notify of
3 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Tim Mackey
Tim Mackey , Principal Security Strategist, Synopsys CyRC (Cybersecurity Research Center)
December 3, 2020 11:55 am

While the details of what weaknesses in Spotify’s security practices remain unknown, the attack highlights an important aspect of all cyber-attacks – the attackers define the rules of their attack. In this case, vandalism is an obvious component, but it could also be but one aspect of their ultimate goal. From a public perspective, without clarity around how the Spotify for Artists web site is related to the consumer Spotify site, I would recommend that all Spotify users take this opportunity to reset their passwords and review which apps they’ve linked to the Spotify service. Businesses seeking to learn from this incident should ask themselves how quickly they would be able to identify if they had fallen victim to a similar defacement effort. If the answer isn’t affirming, then a review of audit and monitoring practices is in order, along with a review of incident response planning.

Last edited 3 years ago by Tim Mackey
Chris Hauk
Chris Hauk , Consumer Privacy Champion
December 3, 2020 11:51 am

While the Spotify Artist Pages hack makes headlines, more important is the recent report of up to 350,000 Spotify user accounts being hacked, exposing sensitive information, including users\’ email addresses, usernames, and passwords.

While Spotify has contacted the users believed to have had their information exposed, even users that haven\’t been contacted shouldn\’t feel safe. They should change their password to a secure password, set up the platform\’s two-factor authentication, check to make sure the password wasn\’t being used on other sites or services, and invest in and use a password manager.

This advice is also applicable to the Dua Lipas and Lana Del Rays of the world.

Last edited 3 years ago by Chris Hauk
Paul Bischoff
Paul Bischoff , Privacy Advocate
December 3, 2020 11:30 am

The big question about the attack on Spotify is whether it occurred through the artists\’ portal where they can claim and manage their own pages, or through some other internal Spotify system. Both would be concerning but the latter much more so, as it would require compromising Spotify\’s security and not just the login information of a few artists.

Defacement is a popular sort of sport among a niche community of hackers, though it usually occurs on websites rather than apps.

Last edited 3 years ago by Paul Bischoff

Recent Posts

Would love your thoughts, please comment.x