Spotify安全漏洞使陌生人進入您的家庭帳戶

  • 流覽次數:: 43
  • 分類: 產業區
  • 分享次數:
  • 作者: 音樂地圖
  • Spotify安全漏洞使陌生人進入您的家庭帳戶

      202010/2603:03

    ◎Spotify的客戶抱怨,陌生人闖入他們的家庭帳戶。
    ◎「Spotify Premium Family」每月最多可讓同一個家庭的六個成員使用,每月14.99美元,比單個Premium帳戶每個9.99美元的費用便宜得多。但是,有會員抱怨陌生人闖入他們的家庭帳戶,從而使他們可以免費下載高級訂閱。
    ◎一位客戶聲稱在其家庭帳戶上設置了四個陌生人資料。他在Reddit上寫道:不知道他們是誰,或者他們如何得到我的訂閱,甚至不知道何時發生或發生多久。
    ◎其他幾個客戶也報告了類似的入侵事件,這些投訴可追溯到數年前。實際上,早在2017年,在Spotify自己的社區論壇上就提出了同樣的投訴,當時有幾位客戶抱怨同樣的問題。
    ◎儘管家庭帳戶成員無法直接前往彼此的帳戶,但Spotify最近推出了共享的家庭播放列表,這意味著駭客侵入家庭帳戶,可能會影響共享的音樂串流。他們還可以從Spotify網站上看到其他家庭成員(可能是孩子)的名字。
    ◎Spotify的安全性可能會更強。該服務不提供任何兩步驟驗證,例如,當設置新帳戶時,要求客戶輸入發送到手機或註冊電子郵件帳戶的密碼。同樣,添加新的Family成員時,Spotify也不會通知主要帳戶持有者,通常不會被持有者發現。
    ◎要檢查您的「Spotify Premium Family」帳戶中是否有陌生人,請前往Spotify網站,登入您的帳戶,單選“個人資料”和“帳戶”,然後選擇Premium Family後,帳戶成員將在螢幕上列出。

     詳細全文:

    Spotify customers are complaining that strangers are breaking into their Family accounts, years after the problem was first raised with the music-streaming service.
    Spotify Premium Family gives up to six members of the same household Premium accounts for $14.99 per month, which is considerably cheaper than individual Premium accounts at $9.99 each.
    However, members of the Spotify subreddit are complaining that strangers are barging into their Family accounts, allowing them to freeload on a premium subscription.
    One customer claims four stranger profiles were set up on their Family account. “No clue who they were, or how they got on my plan,” he wrote on Reddit. “I found out by accident while changing my plan. Not even sure when it happened or how long this has been going on for.”
    Several other customers in the same thread report similar intrusions, with complaints spanning back several years. Indeed, the same complaint was raised on Spotify’s own community forum as far back as 2017, with several customers complaining of the same problem then.
    Although Family account members can’t directly access each other's accounts, Spotify recently introduced a shared family playlist, which means hackers breaking into the family account could affect the shared music streams. They could also see the names of other family members, potentially children, from the Spotify website.
    Is Spotify security strong enough?
    The problem is unlikely to be the direct result of a hack of Spotify’s systems. “The underlying problem is most likely one of password reuse,” said Graham Cluley, an independent cybersecurity analyst. “It sounds like something Spotify needs to clamp down on.”
    Spotify’s security could be stronger. The service doesn’t offer any two-factor authentication, which would require a customer to enter a code sent to a cell phone or registered email account when setting up a new account, for example.
    Likewise, Spotify doesn’t notify the primary account holder when a new Family member is added, meaning freeloaders often remain undetected. “At the very least, when someone joins the family group, the head of the group should get an email asking if you want to permit another user or not,” Cluley said. “You’d want them [Spotify] to be a bit more professional and look after the userbase.”
    To check if you’ve got any strange accounts holders on your Spotify Premium Family account, visit the Spotify website, log in with your account details, click Profile, then Account and select Premium Family from the left-hand side. Account members will be listed on the screen.
    Spotify hadn’t responded to a request for comment at the time of publication.

     

    Forbes
    https://bit.ly/2D94CBj