


Spotify supports unicode usernames which we are a bit proud of (not many services allow you to have ☃, the unicode snowman, as a username). However, it has also been a reliable source of pain over the years. This is the story of one time when it bit us pretty badly and how we spent Easter dealing with it.

Some years ago, late on Good Friday, a user posted on the Spotify support forum that he and a friend could hijack user accounts. Our forum manager challenged the user to take over his account, and within minutes the manager’s account had a new playlist added and a new password.

A bunch of us dropped whatever we were working on and scurried to try to understand what was going wrong and how to fix it.

From the forum post we knew that taking over an account went something like this: For the sake of this example let us hijack the account belonging to user bigbird.
