Guest post by James Shotwell from Haulix
A new report from the BBC finds fake artists accumulating plays from real accounts, but who’s listening?
Multiple Spotify users, including one dedicated BBC reporter, made a surprising discovery when reviewing their 2018 listening habits on Spotify: They were supporting artists they’d never heard of whose legitimacy is up for debate.
As first reported by the BBC on January 25, plays of ‘mystery’ tracks from artists such as Bergenulo Five, Bratte Night, DJ Bruej and Doublin Night were being credited within individual Spotify user accounts – despite these same users knowing nothing about this music. Here are just a few examples:
The artists in question, whose sound has been dubbed ‘mysterycore,’ are suspiciously similar. Every act has multiple instrumental releases featuring up to forty tracks on each album, with the average song lasting between one and two minutes. Many of the songs racked up thousands of plays in 2018 without any of the artists garnering press or being featured on prominent Spotify playlists. Their success makes no sense, but the BBC does have a theory that might explain their existence.
In September 2018, Facebook reported that up to 50-million accounts were compromised in a large-scale security breach. That cyber attack may have enabled hackers to get ahold of ‘Access Tokens,’ which allow users to log into Spotify using their Facebook accounts. Hackers may have then created fake artists and uploaded their fake albums to Spotify directly using a tool the streaming giant introduced in September. From there, hackers could use the pirated account information to rack up streams that would later turn into revenue.
That theory is further substantiated with the revelation that all plays for the mystery artists were accrued in October 2018 and after.
However, as Music Business Worldwide reports, that explanation cannot be correct because Facebook and Spotify claim Access Tokens were not accessed in the attack. The site also reports receiving tips from industry insiders about similar unrecognized plays appearing in user history as far back as March 2018, months before the Facebook hack took place.
Spotify has removed many of the artist accounts in question since the BBC story went live last week, but MBW found at least two of the accounts from their investigation were still active of as of today, January 29. The team at Spotify has declined repeated requests for additional information about the artists and has yet to reveal whether or not the artists received payouts for their streams.
The question remains as to who could be behind these accounts, as well as who has the capability to generate streams through legitimate accounts without the user knowing their profile has been accessed. Rumors abound, with many suggesting Spotify themselves could be responsible, but no hard evidence to support these claims has been made public.
If you have any additional information or insight on this topic, email us! Send your tips to firstname.lastname@example.org and help us uncover the truth.