I think my Spotify account was hacked! What do I do?

This phrase is becoming more common and raising some concerns. I recently experienced this myself, here’s what happened and how I was able to regain control of my account.

While listening to Spotify, the music changes to something you did not queue, or is clearly different to your usual listening tastes. Immediately look at the Spotify App on your Phone, Web Browser or Computer to see which device is playing. If it has started playing from another device it may look like this.

Notice that an additional device is listed and highlighted, that device is now controlling your Spotify. Do you recognize the device?

Notice that an additional device is listed and highlighted, that device is now controlling your Spotify. Do you recognize the device?

Now before you panic, take a look at that device. Is your partner, a friend or family member logged in to your account somewhere else Did you leave your Spotify logged in at a house party?

If you do not recognize the device, you can follow these steps to help secure your account.

  • Go to Spotify.com and login.
  • Click ‘Change password’ on the left menu and create a new password that has not been used on any other website.
  • You will need to log in to Spotify.com with your new password.
  • Click ‘Account overview’ on the left menu, scroll down to the bottom and click ‘Sign out everywhere’.
  • Click ‘Apps’ on the left menu. These are Spotify and third party apps that have control over various aspects of your account (follow artists, save albums, add songs to playlists etc.) Some of these Apps are for Spotify features such as Wrapped, or Anchor if you distribute your podcast with them. If you see an App you don’t recognize you can ‘remove access’.

After completing these steps I did not experience this again, thankfully.

It is worth adding that you may have signed in to your Spotify account with one of these ‘Apps’ a long time ago and simply forget. Here’s some reasons you may have connected to an App before.

  • You entered a competition and to enter you were required to sign in with your Spotify account.
  • You linked your Spotify account to your website host to display a ‘social link’ (Squarespace for example).
  • Spotify Wrapped asked you to sign in to see your “year in music”.
  • A curator asked you to “sign in with Spotify to submit music”. While you connect to these websites to submit music, you can always remove the App after if you no longer will submit music through their site.
  • A remix competition required you sign in with Spotify and listen to 30 seconds of the song to receive the stems. More than 30 seconds of listening counts as a paid stream (incase you didn't know).
  • Google asked you to sign in and connect to your Spotify account to receive a gift such as a speaker perhaps :)

You may recognize these Apps and for those where you no longer want that third party to have access to your account you can simply remove them.

This may also be a good time to think about additional housekeeping for other websites where you may have shared login credentials or granted access to third party Apps. Think about how many websites you may have completed a ‘sign up with Facebook’.

Here is a link to the support article on Spotify for additional reading. I hope that you found the information in this post helpful. Please feel free to share it if you know of anyone who has experienced something similar or has concerns about their account.

Please note:
Every effort was made to ensure this information is accurate and helpful. No information has been provided by Spotify themselves and this has not been endorsed or verified by Spotify in any way. Please take this as general advice to encourage you to secure your account as you would with any online account that you feel may have been compromised. The editor of this post takes no responsibility for any users actions and can not provide technical support on this matter. If any of this information appears to be incorrect please don’t hesitate to get in contact, thank you.