On March 25, the famous singer Anitta became the first Brazilian singer to reach the number one spot of the “Daily Top 50 Global” playlist on Spotify, when her song “Envolver” reached 6.4 million streams in just one day, most of them from Brazilian users.

Although this seemed like a great achievement for the young singer, cybersecurity specialists did not delay in identifying something strange behind these millions of views, ensuring that Anitta’s fans managed to hack the music platform to increase the reproductions of the song artificially.

Apparently, it all started on March 14, when the Twitter account “QG da Anitta” began sharing messages inviting fans of the singer to do everything possible to increase her popularity on Spotify, creating multiple playlists with multiple accounts, changing accounts at least every 20 minutes.

To attract more users, the administrators of “QG da Anitta” announced a giveaway of Spotify Premium accounts. This campaign led to the creation of about 100 playlists including the song, some of these lists were identified as “Envolver #1”, “Envolver Stream Party” or “Envolver 20x”. Even the descriptions of these playlists specified the goal of Anitta’s fans: “Play the song only once a day, don’t turn on shuffle and turn up the volume,” one of these lists noted.

Adriano Ferreira da Silva Filho, a 19-year-old Brazilian, says he has actively participated in this campaign, which was incredibly easy: “If you just play the song repeatedly, Spotify will believe you’re a bot. That’s why you have to create playlists with different songs and alternate them with the song you want to promote.”

Although this practice could be considered a violation of its Terms and Conditions, Spotify has made no mention of this incident or the singer’s profile.

This is not an unreleased incident, as previously other fan groups have tried to boost the popularity of their favorite artists on Spotify. In 2021, the Brazilian Cyber Police shut down almost 100 websites for the purchase of bots aimed at increasing the statistics of any artist on Spotify, regardless of the fact that this is a practice prohibited by the platform and can be considered as electronic fraud according to the legislation of each country.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post How hackers can exploit Spotify algorithm to position an artist or song in the platform’s Top 50 Global playlist? appeared first on Information Security Newspaper | Hacking News.


You May Also Like

How hackers cashed out ATMs across Europe. Europol investigation in ATM JACKPOTING case

In a press release, Europol announced the arrest of two Belarusian citizens…

How a sports NFT minting platform suffered a hot wallet security breach across several project wallets, losing $18 million USD

A recent report notes that Lympo, a platform for minting sports-related non-fungible…

Information from more than 100 million Android users exposed by massive data breach

Cybersecurity specialists report that the personal information of around 100 million Android…

‘How would I feel if that was posted in Times Square?’ Lawyers warn to watch what you say about breaches

View of Jumbotrons in Times Square. One lawyer warned of the legal…