A group of pro-Ukrainian hackers recently compromised the Spotify accounts of several well-known Russian musicians, swapping their profile pictures for images of the Ukrainian flag and a Ukrainian rapper, as well as messages aimed at ending the Russian war in Ukraine.
The attacks, which began last week, targeted some of Russia’s best-known artists who have previously expressed support for the Kremlin and the war in Ukraine, including Nikolay Baskov, Grigory Leps, Oleg Gazmanov and the rock band Leningrad.
The hackers replaced the artists’ profile photos with yellow and blue banners (representing the flag of Ukraine), accompanied by messages such as “Stop the war in Ukraine.” They also uploaded photos of Ukrainian rapper Clonnex, as well as screenshots from the online game Roblox showing avatars with usernames that could apparently be linked to those involved in the attacks.
A Spotify spokesperson confirmed to Recorded Future News that they were aware of the incident and “resolved it immediately.” At the time of publication, some of the profiles targeted by hackers remain edited or have no profile picture at all. Spotify said that the app and desktop version can cache old images for a certain period of time. “These should eventually return,” the spokesperson added.
The hackers published their list of intended targets and reports of successful attacks on a Telegram channeland Thursday Clonnex checked in a TikTok-style video reacting to how Russian media covered the Spotify hacks.
Clonnex did not respond to a request for comment on the attacks.
Earlier this week, the pirates said that Spotify monitors its channel daily in order to quickly identify degraded accounts.
Some of the hacked Russian singers responded to the attacks. Press secretary of pro-Kremlin artist Oleg Gazmanov told Russian media that they are currently investigating the incident. Grigory Leps’ media manager said that neither he nor Leps “are interested in what happens on Spotify” because it is considered an “enemy platform.”
Spotify closed its office in Russia and suspended his service to the country in March 2022 in response to the war in Ukraine.
An image of an artist’s Spotify page before and after it was defaced.
Attacks on Spotify accounts
Ukrainian hackers aren’t the only ones destroying Spotify accounts. Last week, a pro-Russian hacker group claims for hacking a UK-based music artist named Rebzyyx, replacing his profile picture and album art with images of Russian flags.
At the time of writing, Rebzyyx’s account did not have a profile picture uploaded. The group also threatened to hack artists’ accounts on the Russian platform Yandex Music.
It’s unclear how the Ukrainian and Russian hackers carried out their attacks, but there could be several ways, security experts told Recorded Future News.
One of them is accessing unverified Spotify accounts, according to Oleg Shakirov, an expert on Russian foreign policy and security. Hackers can request access to these accounts through the platform called Spotify for Artists, posing as artist managers.
If approved, they can access account stats, edit the artist’s bio and profile picture, and promote their music. A single artist profile can be managed by multiple users with different access levels, Shakirov said.
Another option is to obtain login information for Spotify accounts, according to Bogdan Botezatu, director of threat research and reporting at cybersecurity firm Bitdefender.
An account defaced to show a photo of a Ukrainian artist.
Malicious actors can use credentials leaked on cybercrime forums to access various major online services, in the hopes that the victim has reused the same set of credentials across different platforms, a Botezatu said.
In 2021, Spotify experimented at least two credential theft cyberattacks, impacting nearly 100,000 customers who had reused the same passwords on several online accounts.
The pro-Russian hackers behind the Rebzyyx hack also claimed to know how to access Spotify accounts through music distributors like Believe. Shakirov said that this method is also possible, but more difficult and may be more damaging, as it could allow hackers to delete playlists, steal money or upload their own songs to the user’s profile. artist.
Defacing artist accounts is the easiest and most visible way to harm targets, Shakirov said. “There is no need to breach the system; it is a relatively low-tech attack, much like many defacements,” he said.
Such damage is not new: in 2020, pirates violated profiles of popular singers, such as Lana Del Rey and Dua Lipa, and replaced their biographies and photos.
Future saved
Intelligence cloud.
No previous articles
No new articles
Daryna Antoniuk
Daryna Antoniuk is a freelance journalist for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe, and the state of the Ukraine-Russia cyberwar. She was previously a tech journalist for Forbes Ukraine. His work has also been published in Sifted, The Kyiv Independent and The Kyiv Post.