December 2, 2023

A gaggle of pro-Ukraine hackers not too long ago compromised the Spotify accounts of a number of well-known Russian musicians, swapping out their profile photos for pictures of Ukraine’s flag and a Ukrainian rapper, together with messages to cease Russia’s struggle in Ukraine.

The assaults, which started final week, focused a few of the most recognizable Russian artists who had beforehand expressed their help for the Kremlin and the struggle in Ukraine, together with Nikolay Baskov, Grigory Leps, Oleg Gazmanov, and the rock band Leningrad.

The hackers modified the artists’ profile photos to yellow and blue banners (representing Ukraine’s flag), together with messages like “Cease struggle in Ukraine.” Additionally they uploaded images of the Ukrainian rapper Clonnex, in addition to screenshots from the web sport Roblox that includes avatars with usernames that apparently might be linked to individuals concerned within the assaults.

A Spotify spokesperson confirmed to Recorded Future Information that they had been conscious of the incident and had “fastened it instantly.” As of the time of publication, a few of the profiles focused by the hackers stay altered or don’t have a profile image in any respect. Spotify mentioned that the app and the desktop model could cache outdated pictures for a while. “These ought to finally revert,” the spokesperson added.

The hackers posted their checklist of supposed targets and stories of profitable assaults on a Telegram channel, and on Thursday Clonnex recorded a TikTok-style video reacting to how Russian media lined the Spotify hacks.

Clonnex didn’t reply to a request for remark in regards to the assaults.

Earlier this week, the hackers mentioned that Spotify is monitoring their channel every day in an effort to rapidly determine defaced accounts.

Among the hacked Russian singers responded to the assaults. The press secretary for pro-Kremlin artist Oleg Gazmanov informed Russian media that they’re at present investigating the incident. The media supervisor for Grigory Leps mentioned that neither he nor Leps “have any curiosity in what is occurring on Spotify” because it’s thought-about an “enemy platform.”

Spotify closed its workplace in Russia and suspended its service within the nation in March 2022 in response to the struggle in Ukraine.

A picture of an artist’s Spotify web page earlier than and after it was defaced.

Assaults on Spotify accounts

It is not simply Ukrainian hackers who’re defacing Spotify accounts. Final week, a pro-Russian hacker group claimed to have hacked a British-based music artist named Rebzyyx, changing their profile picture and album covers with photos that includes Russian flags.

As of the time of writing, Rebzyyx’s account doesn’t have a profile image uploaded. The group additionally threatened to hack into the artists’ accounts on the Russian Yandex Music platform.

It is unclear how Ukrainian and Russian hackers have carried out their assaults, however there might be a number of methods, safety specialists informed Recorded Future Information.

One in every of them is to achieve entry to unverified Spotify accounts, in accordance with Oleg Shakirov, an professional in Russian overseas coverage and safety. Hackers can request entry to those accounts by means of the platform known as Spotify for Artists, by posing as artists’ managers.

If authorized, they will entry account statistics, modify the artist’s biography, and profile picture, and promote their music. A single artist profile may be managed by a number of customers with various ranges of entry, Shakirov mentioned.

Another choice is to acquire login credentials for Spotify accounts, in accordance with Bogdan Botezatu, director of risk analysis and reporting at cybersecurity agency Bitdefender.

An account defaced to indicate a photograph of a Ukrainian artist.

Risk actors can use leaked credentials traded on cybercrime boards to achieve entry to varied main on-line companies, with the hope that the sufferer has reused the identical set of credentials throughout completely different platforms, Botezatu mentioned.

In 2021, Spotify skilled a minimum of two credential-stealing cyberattacks, impacting practically 100,000 clients who had reused the identical passwords throughout a number of on-line accounts.

Professional-Russian hackers behind the Rebzyyx hack have additionally claimed to know find out how to entry Spotify accounts by means of music distributors like Imagine. Shakirov mentioned that this technique can be doable however tougher and may be extra damaging, because it may permit hackers to delete playlists, steal cash, or add their very own songs to the artist’s profile.

Defacing artists’ accounts is probably the most simple and noticeable solution to inflict hurt on the targets, Shakirov mentioned. “There is not any have to breach the system; it is a comparatively low-skill assault, very like many defacements,” he mentioned.

Such defacements aren’t new — in 2020, hackers breached the profiles of in style singers, corresponding to Lana Del Rey and Dua Lipa, and changed their biographies and images.

Get extra insights with the

Recorded Future

Intelligence Cloud.

Study extra.

No earlier article

No new articles

Daryna Antoniuk

Daryna Antoniuk
is a contract reporter for Recorded Future Information based mostly in Ukraine. She writes about cybersecurity startups, cyberattacks in Japanese Europe and the state of the cyberwar between Ukraine and Russia. She beforehand was a tech reporter for Forbes Ukraine. Her work has additionally been printed at Sifted, The Kyiv Impartial and The Kyiv Put up.