Cyber Incident Victim: Spotify

Date: Dec 2020

Location: United States of America

Summary

A security breach impacted Spotify's artist portal, allowing unauthorized access to high-profile accounts including Dua Lipa and Lana Del Rey. The attacker defaced artist profiles with messages promoting a Snapchat account, political slogans, and admiration for Taylor Swift, replacing official imagery with unauthorized content. The incident occurred during the platform's prominent annual Wrapped campaign rollout, drawing public attention through social media shares of the vandalized pages. While the compromised profiles were restored, the breach exposed vulnerabilities in the password-protected Spotify for Artists system, raising concerns about credential security and unauthorized content modification capabilities. The streaming service did not publicly disclose technical details of the intrusion or confirm mitigation measures.

Description

On December 2, 2020, Spotify experienced a security breach during the rollout of its annual Spotify Wrapped 2020 marketing campaign, which highlights users’ most-streamed songs and podcasts. Attackers compromised the Spotify for Artists platform, a password-protected portal allowing musicians and their management teams to edit official profiles. The breach resulted in unauthorized changes to high-profile artist pages, including those of Dua Lipa, Lana Del Rey, Future, and Pop Smoke. The attacker, identifying himself as "Daniel," defaced these profiles by altering biographical information and images. On Lana Del Rey’s page, he replaced her profile photo with an image of Taylor Swift. Messages added to the hijacked accounts promoted Daniel’s Snapchat account, declared "Trump 2020," and included a personal tribute to Taylor Swift stating, "Best of all shout out to my queen Taylor Swift." Screenshots of the defaced pages circulated widely on Twitter, with many users initially treating the incident as humorous rather than malicious. Spotify restored the affected profiles but did not publicly confirm the breach’s scope or containment status at the time of reporting.

The incident occurred alongside unrelated account-takeover reports from the preceding week, amplifying scrutiny of Spotify’s security practices during a high-traffic promotional period. Cybersecurity analyst Tim Mackey noted the breach demonstrated attackers’ ability to define intrusion objectives, emphasizing that vandalism could mask broader threats. While no data theft or financial fraud was reported, Mackey advised users to review account passwords and security settings due to Spotify’s lack of detailed disclosures. The timing coincided with peak engagement for Spotify Wrapped, diverting media attention from the campaign to the security lapse. The company faced operational challenges in detecting and responding to the defacements, prompting Mackey to urge businesses to audit monitoring systems and incident-response plans. No technical details regarding the attackers’ entry vector or Spotify’s remediation steps were disclosed publicly.
