Flatpak Spotify might have been compromised

After 2 days since I installed Flatpak Spotify from Flathub, I lost my Spotify account fully: email address and passwords changed. Then I got messages from the same email Microsoft account that they have taken control of my account, and I see multiple connections and logins to that Microsoft account.


You should discuss with the Spotify Flathub maintainers whether this issue is really about the Spotify Flatpak client itself.


Man, this sucks to hear. I have been using the Spotify Flatpak since it was released. Before that, I ran the Spotify .deb in a systemd-nspawn container (way back in Fedora 2X days).

I need to ask a follow-up question: do you have KeepassXC, or do you use HaveIBeenPwned?

I have a password manager and everything else had 2FA with passkeys and a YubiKey, not actually sure what and where, but all my accounts that were using the same email with the Microsoft email without 2FA got breached. On my Microsoft logs I saw thousands of unsuccessful logins and 20+ successful logins, no password changes on Microsoft, so I got that changed and then I deleted it, and Spotify got fully breached with changed password and email address. I had to spend 2 days just to recover it, change the email to mine with a new password, delete card details and then delete the account.

🤯

That’s insane. You could consider using PayPal or another service (I think Visa has one...) to obfuscate your credit card numbers. I’ve been doing that for years.

Yeah, I have now obfuscated all credit cards, and the bank is notified to monitor all transactions and send each purchase transaction by SMS too, so I can monitor if a card is compromised too. But this was really insane, actually: even though I had 20-word random passwords generated by a password manager, there was only no 2FA on those, so those got compromised. And the main Microsoft account was the recovery mail for the other Microsoft accounts, and I used enhanced protection there too, but still I guess all of those Microsoft accounts got compromised, so changing all account emails on registered services is a pain.


Why do you think that the cause is Spotify flatpak? Do you have any strong evidence?