For Volumio I use a Spotify account which I do not use anywhere else. Last week I received an email from Spotify stating that my account had been added to another email address. It was not an email address of mine. I could not access Spotify anymore. The support from the Spotify helpdesk was fine; they helped me out and I got my Spotify account back. But I was wondering: how is this possible? Then I Googled my own email address… I found a list of Spotify accounts and passwords published on the internet on Pastebin.com. I will not give the link here.
Does anyone have the same experience?
Is Spotify on Volumio safe? There are two methods of using Spotify. One makes use of OAuth for generating a token.
Is my RPi hacked? What can I do to prevent this?
I analyzed the leaked combos of users\password, and did not find any Volumio affected users (in the OAuth2 thread), which likely excludes the Volumio OAuth plugin as the source of the attack.
In any case I am contacting the plugin developer (who also hosts the OAuth2 server for the plugin) to mitigate any possible security risk.
Thank you for your swift reply.
If no other Volumio/Spotify users are in the Pastebin list, then Volumio can be excluded as a suspect.
Then it might be reuse of the same username/passwd combination which was also used by an already hacked account of another kind.
However, it is still a mystery (and time to change all passwds).
Can you write to us at info at volumio dot org?
We need information on why you think it was hacked due to Volumio (even though it seems quite unlikely), so in case we investigate and fix