Spotify confirms several mysterious, non-existent artists racked up thousands of listens on hijacked playlists

REUTERS/Christian Hartmann

A phenomenon of "forced listens" on Spotify drew the BBC's attention.

• A BBC report suggests that people's Spotify accounts were hijacked to listen to fake bands in order to generate revenue in royalties.
• BBC journalist Jonathan Griffin found reports of seemingly non-existent bands showing up unexpectedly on people's Spotify playlists.
• One theory in the report is that hackers were able to gain access through the massive Facebook security breach in September.
• Spotify denies this, but offered no explanation of where the mystery artists came from. It has removed them from the platform.

Strange and seemingly non-existent artists have inveigled their way onto unsuspecting Spotify users' playlists, in a mysterious phenomenon first reported by the BBC. Spotify confirmed the "artificial manipulation" of its music streams in a statement to Business Insider today.

BBC journalist Jonathan Griffin found reports of mysterious unknown bands showing up unexpectedly on people's Spotify playlists. The artists were all unfindable outside of Spotify. Griffin honed in on one band - "Bergenulo Five" - as a typical example.

Bergenulo Five's Spotify presence was puzzling to say the least. They had two albums up, one titled "Sunshine Here" and another called "Hit It Now." The albums' cover art was similar and simple, black text on a bright background.

Each album boasted 40 songs of one to two minutes in length, devoid of verses or choruses. They had apparently garnered almost 60,000 listens.

A Reddit post from October 2018 shows a user who'd encountered Bergenulo Five on Spotify (and reportedly Deezer, although Business Insider was unable to find it on there). The Reddit user commented that the band looked as if it was "generated by a bot or something."

Spotify declined to provide Griffin with details of the mystery artists, and promptly deleted them from the platform.

In a statement to Business Insider, a Spotify spokeswoman said:

"We take the artificial manipulation of streaming activity on our service extremely seriously. Spotify has multiple detection measures in place monitoring consumption on the service to detect, investigate and deal with such activity. These artists were removed because we detected abnormal streaming activity in relation to their content."

Spotify keeps stumm

The bands' purpose on the platform is still up for the debate. In the October Reddit post the user speculated that the strawman artists had been set up to generate revenue, which could be racked up by hacked accounts. A media analyst told Griffin that Bergenulo could have potentially earned $500 to $600 in royalties for 60,000 streams.

A theory in Griffin's report is that hackers could have used "access tokens" to hijack people's playlists. Access tokens allow people to log in to Spotify through Facebook, and many were stolen en masse in September when Facebook announced a huge hack of almost 50 million users. Facebook declined to comment when contacted by Business Insider.

Read more: The Facebook hack affecting 50 million people also let the attackers access users' Tinder, Spotify, and Instagram accounts

Spotify denied that the mystery artists were connected to the Facebook access token breach when contacted by Griffin. It did not, however, offer an alternative explanation for the mystery streams.