A group of pro-Ukraine hackers recently compromised the Spotify accounts of several well-known Russian musicians, swapping out their profile pictures for images of Ukraine’s flag and a Ukrainian rapper, along with messages to stop Russia's war in Ukraine.
The attacks, which began last week, targeted some of the most recognizable Russian artists who had previously expressed their support for the Kremlin and the war in Ukraine, including Nikolay Baskov, Grigory Leps, Oleg Gazmanov, and the rock band Leningrad.
The hackers changed the artists’ profile pictures to yellow and blue banners (representing Ukraine's flag), along with messages like "Stop war in Ukraine." They also uploaded photos of the Ukrainian rapper Clonnex, as well as screenshots from the online game Roblox featuring avatars with usernames that apparently could be linked to people involved in the attacks.
A Spotify spokesperson confirmed to Recorded Future News that they were aware of the incident and had "fixed it immediately." As of the time of publication, some of the profiles targeted by the hackers remain altered or don’t have a profile picture at all. Spotify said that the app and the desktop version may cache old images for some time. "These should eventually revert," the spokesperson added.
The hackers posted their list of intended targets and reports of successful attacks on a Telegram channel, and on Thursday Clonnex recorded a TikTok-style video reacting to how Russian media covered the Spotify hacks.
Clonnex did not reply to a request for comment about the attacks.
Earlier this week, the hackers said that Spotify is monitoring their channel daily in an effort to quickly identify defaced accounts.
Some of the hacked Russian singers responded to the attacks. The press secretary for pro-Kremlin artist Oleg Gazmanov told Russian media that they are currently investigating the incident. The media manager for Grigory Leps said that neither he nor Leps “have any interest in what is happening on Spotify” since it's considered an “enemy platform.”
Spotify closed its office in Russia and suspended its service in the country in March 2022 in response to the war in Ukraine.
An image of an artist's Spotify page before and after it was defaced.
It's not just Ukrainian hackers who are defacing Spotify accounts. Last week, a pro-Russian hacker group claimed to have hacked a British-based music artist named Rebzyyx, replacing their profile image and album covers with pictures featuring Russian flags.
As of the time of writing, Rebzyyx's account does not have a profile picture uploaded. The group also threatened to hack into the artists' accounts on the Russian Yandex Music platform.
It's unclear how Ukrainian and Russian hackers have carried out their attacks, but there could be several ways, security experts told Recorded Future News.
One of them is to gain access to unverified Spotify accounts, according to Oleg Shakirov, an expert in Russian foreign policy and security. Hackers can request access to these accounts through the platform called Spotify for Artists, by posing as artists’ managers.
If approved, they can access account statistics, modify the artist's biography, and profile photo, and promote their music. A single artist profile can be managed by multiple users with varying levels of access, Shakirov said.
Another option is to obtain login credentials for Spotify accounts, according to Bogdan Botezatu, director of threat research and reporting at cybersecurity firm Bitdefender.
An account defaced to show a photo of a Ukrainian artist.
Threat actors can use leaked credentials traded on cybercrime forums to gain access to various major online services, with the hope that the victim has reused the same set of credentials across different platforms, Botezatu said.
In 2021, Spotify experienced at least two credential-stealing cyberattacks, impacting nearly 100,000 customers who had reused the same passwords across multiple online accounts.
Pro-Russian hackers behind the Rebzyyx hack have also claimed to know how to access Spotify accounts through music distributors like Believe. Shakirov said that this method is also possible but more difficult and can be more damaging, as it could allow hackers to delete playlists, steal money, or upload their own songs to the artist's profile.
Defacing artists' accounts is the most straightforward and noticeable way to inflict harm on the targets, Shakirov said. "There's no need to breach the system; this is a relatively low-skill attack, much like many defacements," he said.
Such defacements aren’t new — in 2020, hackers breached the profiles of popular singers, such as Lana Del Rey and Dua Lipa, and replaced their biographies and photos.
Get more insights with the
Recorded Future
Intelligence Cloud.
No previous article
No new articles
Daryna Antoniuk is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.