Minor Mystery: Why would anyone want to steal my SoundCloud account?

This forum is for anything not Reason related, if you just want to talk about other stuff. Please keep it friendly!
Post Reply
User avatar
platzangst
Posts: 728
Joined: 16 Jan 2015

05 Sep 2022

Two of my email addresses recently were sent that kind of "password change request" that websites often automatically generate if you forget how to log-in the site. And it wasn't me who requested the change.

Going to the site itself showed no changes; in fact, the site recognized my computer and put up my account info in the corner as usual. So, nobody was successful in changing my password, and what's more they would probably have had to compromise one of the two email addresses to do so. Which I don't think they have done. I suppose they might be playing some kind of long game and just haven't done anything malicious yet... It's easy to get a little paranoid running down these possibilities.

But aside all that, it's left me wondering: what on Earth for? My SoundCloud traffic is virtually nil. I have no fans, no particular presence in any "music community" to speak of. So taking over my SoundCloud account would seem to have no payoff - nobody is going to be able to stick up some spam file advertising porn or cryptocurrency or I dunno Raid Shadow Legends or something on my account and expect to get any sort of mistaken clicks that way.

Would they want the name? "Platzangst", last time I looked, isn't in huge demand. There's some sort of outdoor sport-based clothing/gear shop with the name - in Germany. Discogs once showed me a "Platzangst" band that wasn't me appearing on a German punk compilation - and that was their one and only appearance, ever, as far as I know. So maybe some German outfit would like to poach my SoundCloud account? Maybe - but kind of unlikely...

Maybe they think they could extort money out of me by grabbing control of my SoundCloud account and holding it for ransom? Good luck there - even if I had any money to speak of (my music career sure hasn't generated any), the lack of motion on my SoundCloud account makes it the easiest thing to just write off. I'd abandon it before paying one dime to thieves.

The only other thing I can think of is just sheer maliciousness, either personal or random. The personal being the case where someone somewhere has a vendetta against me and is targeting my online presence. I suppose someone might have been sufficiently annoyed by my arguments about determinism or something to try and sabotage my accounts, but 1) that would be exquisitely petty; and 2) I'd expect a more comprehensive attack on many accounts, not just SoundCloud. A more random maliciousness is plausible, I guess, in that I can certainly see some jackass trying to boost accounts just for the sake of being a jackass.

But in the end, I don't have a clue. It seems to make no sense to me. Has anyone out there recently experienced such a thing? Is there a SoundCloud-based scam going around that I should be aware of? These are the small mysteries that may never get solved.

User avatar
TritoneAddiction
Competition Winner
Posts: 4219
Joined: 29 Aug 2015
Location: Sweden

05 Sep 2022

Perhaps after years stuck in only making 8 bar loops that goes nowhere, someone finally had enough and wanted to see what’s like to have actual finished songs. And the thought of doing the work themselves was simply too much.

That’s my theory anyway.

User avatar
DaveyG
Posts: 2499
Joined: 03 May 2020

06 Sep 2022

Maybe they think you are Elvis.

phobic
Posts: 38
Joined: 15 Mar 2020

06 Sep 2022

Always remember that this is simply a numbers game for hackers. The actual sites may make little sense to you as they seem to hold no value that anybody could want, but if it provides another piece of your information jigsaw then it is very much relevant to them.

It is possibly an automated bot attack using your email and password information that has been collected from a compromised site. This is one that you have previously signed up to using your email address. If hackers have compromised that site chances are they then have your email and the password you used to sign up to that site from an unencrypted database. Many people still use the same password in many site that they sign up to and hackers know this so It's then just a matter of using your email along with thousands of others trying to access more websites using the same login information they have with the aim of getting further information, especially addresses and financial details. They then can sell this information on the dark web.

You say you checked the sites that emailed you the password change request emails, and you were automatically logged in. Did you follow the link in the email request or go to the site via a separate tab on your browser? If it was directly from the link, then that could very well be a compromised link (what's called a phishing email). I would sign in again to the site(s) via a clean browser or using the incognito mode on your existing browser. If you are able to sign in and access your account as normal, then I would strongly advise you to change your password(s) immediately to keep secure access to the accounts.
To see if your email has been collected from a previously hacked site check here

https://haveibeenpwned.com/

And remember to always use different passwords for every site you sign up to. Plus change password regularly, especially for sites that hold any extra information about you (address, personal, financial details)
Best wishes

User avatar
integerpoet
Posts: 832
Joined: 30 Dec 2020
Location: East Bay, California
Contact:

06 Sep 2022

DaveyG wrote:
06 Sep 2022
Maybe they think you are Elvis.
In fairness, platz is actually Elvis.

User avatar
platzangst
Posts: 728
Joined: 16 Jan 2015

07 Sep 2022

phobic wrote:
06 Sep 2022
You say you checked the sites that emailed you the password change request emails, and you were automatically logged in. Did you follow the link in the email request or go to the site via a separate tab on your browser?
Perhaps I wasn't clear: The site was SoundCloud. The letters I got were auto-generated by SoundCloud, as they would have been if I had legitimately forgotten my password. Or at least, all the links provided in the emails pointed to appropriate SoundCloud addresses, so if they were spoofs, they were very good ones. Regardless, I did not click any links directly (as I did not want to change my password), and opened up a new browser tab and navigated directly to my SoundCloud page, to find it unaltered, and to find that it recognized me as Platzangst and threw up my account icon and such in the corner.
integerpoet wrote:
06 Sep 2022
DaveyG wrote:
06 Sep 2022
Maybe they think you are Elvis.
In fairness, platz is actually Elvis.
That's right, I threw away my millions, my mansion, and my throngs of fans to focus on experimental abstractions, my true calling.

User avatar
dan_g
Posts: 364
Joined: 28 Sep 2015
Location: Germany
Contact:

07 Sep 2022

i sometimes wonder about this stuff too.

a bit ot: the same goes for spam emails. i recently got a whole bunch that was just an emty email with literaly no text, no nothing inside. whats the point???
email spam just for the sake of sending an email? this stuff is gotten to a point were its kinda really unnecessary....
:reason: :record: :re: :refill: :ignition: - 12 - Hobbyist
minimal techno - deep minimal dubstep - drum 'n' bass/neurofunk - brostep/deathstep - band recording

New Release: https://open.spotify.com/track/5mQ1XEQtZcVeFVfZvcS5kw

User avatar
jam-s
Posts: 3035
Joined: 17 Apr 2015
Location: Aachen, Germany
Contact:

07 Sep 2022

platzangst wrote:
07 Sep 2022
integerpoet wrote:
06 Sep 2022

In fairness, platz is actually Elvis.
That's right, I threw away my millions, my mansion, and my throngs of fans to focus on experimental abstractions, my true calling.
Wow, now that's dedication! ;)

User avatar
DaveyG
Posts: 2499
Joined: 03 May 2020

07 Sep 2022

platzangst wrote:
07 Sep 2022
phobic wrote:
06 Sep 2022
You say you checked the sites that emailed you the password change request emails, and you were automatically logged in. Did you follow the link in the email request or go to the site via a separate tab on your browser?
Perhaps I wasn't clear: The site was SoundCloud. The letters I got were auto-generated by SoundCloud, as they would have been if I had legitimately forgotten my password. Or at least, all the links provided in the emails pointed to appropriate SoundCloud addresses, so if they were spoofs, they were very good ones. Regardless, I did not click any links directly (as I did not want to change my password), and opened up a new browser tab and navigated directly to my SoundCloud page, to find it unaltered, and to find that it recognized me as Platzangst and threw up my account icon and such in the corner.
integerpoet wrote:
06 Sep 2022

In fairness, platz is actually Elvis.
That's right, I threw away my millions, my mansion, and my throngs of fans to focus on experimental abstractions, my true calling.
Uh-huh. :thumbup:

phobic
Posts: 38
Joined: 15 Mar 2020

07 Sep 2022

dan_g wrote:
07 Sep 2022
i sometimes wonder about this stuff too.

a bit ot: the same goes for spam emails. i recently got a whole bunch that was just an emty email with literaly no text, no nothing inside. whats the point???
email spam just for the sake of sending an email? this stuff is gotten to a point were its kinda really unnecessary....
As in my previous post, the first port of call is to visit https://haveibeenpwned.com/
this will tell you if a site you have previously entered your email address onto has been hacked and that at least some of your information is now open to attack.
If this is the case then the spam emails you receive could be for a myriad of reasons.

It could be that hackers want to simply sell this information as a current mailing list for example.

The first stage of this is to find out from their list which ones are still active and which ones are no longer used. This is done by an automated mailing, similar to what you have received, to all the email addresses the hack has provided. They don't need to write anything in the text, in fact the less they write the better as they want to generate the least amount of traffic as possible. The emails that come back as undeliverable are then deleted off the list and the ones that don't are left on.
They now have a large list of current emails for a potential new customer base in a targeted area of interest depending on where the hack came from (e.g. in music software) that they can sell over and over again.

Sometimes you don't need lots of information about an individual to make money. If the amount of emails they have hacked is large enough, that in itself can be monetised.

Again the point with any of these practices is to make money. Just because it's not immediately apparent how that is done, doesn't mean that it isn't happening.

There are opportunities for them to make money in different ways and at many stages with the various amounts of information they can find about you. And remember that there's also no limit to the amount and variety of attacks you may be subjected to as new tools are developed and sold to the hacking community via their forums in the dark web

Once you know some of your data is in these lists, all you can do is be vigilant and make yourself aware of best practices to minimise any further information loss.

phobic
Posts: 38
Joined: 15 Mar 2020

07 Sep 2022

platzangst wrote:
07 Sep 2022
Perhaps I wasn't clear: The site was SoundCloud. The letters I got were auto-generated by SoundCloud, as they would have been if I had legitimately forgotten my password. Or at least, all the links provided in the emails pointed to appropriate SoundCloud addresses, so if they were spoofs, they were very good ones. Regardless, I did not click any links directly (as I did not want to change my password), and opened up a new browser tab and navigated directly to my SoundCloud page
You don't say whether or not you checked if your email was found at the website I linked to. Once you know some of your data is in these lists, all you can do is be vigilant and make yourself aware of best practices to minimise any further information loss.

That's why I suggested you change your SoundCloud password. If you don't want to do that then that's your choice. My lengthy post was to answer your question with a possible explanation to make you aware of what may be happening. If someone has been trying to gain entry to my property, I tend to be more vigilant and increase security where I can, whether that's physical property or not makes no difference to me. However it's your data, you do what you want with it :thumbs_up:

User avatar
platzangst
Posts: 728
Joined: 16 Jan 2015

07 Sep 2022

phobic wrote:
07 Sep 2022
That's why I suggested you change your SoundCloud password. If you don't want to do that then that's your choice.
There's nothing they could get from my SoundCloud that they wouldn't already have if they managed to get access to my email accounts, besides the ability to post and delete content.

Post Reply
  • Information
  • Who is online

    Users browsing this forum: No registered users and 8 guests