Spam on my about me

  • 10
  • Problem
  • Updated 1 week ago
  • In Progress
  • (Edited)
I have changed my password and unlinked all my accounts and they still have access to my account and keep changing my bio and follows.
https://www.last.fm/user/seanb0112
Photo of Sean Broadbent

Sean Broadbent

  • 7 Posts
  • 5 Reply Likes

Posted 3 months ago

  • 10
Photo of Josh V

Josh V

  • 4 Posts
  • 3 Reply Likes
Same problem here, tried changing passwords and linked a new email, still changing my bio..wtf is happening.
Photo of Sean Broadbent

Sean Broadbent

  • 7 Posts
  • 5 Reply Likes
I'm guessing it is because when you change password, it does not force logout every account logged in. It is a pretty bad design and a big security flaw. 

I'm not going to mess with my account as even if I change anything it will just go back to spam in about an hour or too.

I also have a load of followers on my account that have the same problem and seem to be legit accounts taken over like mine.
A few examples:
https://www.last.fm/user/Vycrance
https://www.last.fm/user/makayun
https://www.last.fm/user/pel-poi
Photo of Jon

Jon, Community & Customer Services

  • 4488 Posts
  • 3375 Reply Likes
>>>I'm guessing it is because when you change password, it does not force logout every account logged in.

Hi Sean, unfortunately that's correct.  The development team will be correcting this as soon as possible, as well as looking into other ways to prevent the spammer from vandalising your about me while they're doing that.  We're sorry for any inconvenience caused by this issue in the meantime.

If you don't want to wait, a somewhat more extreme solution would be to temporarily ban your account until tomorrow morning.  This would force the spammer to clear their cookies if they try to access your profile, revoking their login in the process.  It's incredibly frustrating for me that we can't offer a more appropriate fix, but this is the fastest solution I can offer you.
(Edited)
Photo of Jon

Jon, Community & Customer Services

  • 4488 Posts
  • 3375 Reply Likes
>>> I'm scared my account will become a target. 
It's unlikely if your password is strong, up-to-date, and you're not using the same username / password combination elsewhere (password managers can help with this).
Photo of cptchi

cptchi

  • 134 Posts
  • 178 Reply Likes
I already use a password manager and strong passwords. Seems like I'm safe then. Thanks Jon.
Photo of Sean Broadbent

Sean Broadbent

  • 7 Posts
  • 5 Reply Likes
Would temp banning an account force logout all accounts logged in? If so, I would be willing to do that to get my account back up to normal.
Photo of Jon

Jon, Community & Customer Services

  • 4488 Posts
  • 3375 Reply Likes
Not exactly, but if they attempt to access your account while it's suspended they'll be blocked from the site until they clear their cookies (permanently logging them out).  There's no guarantee they'll fall for it, but given how quickly it seems user bios are being reverted back after changing them, I think there's a good chance it'll work.
Photo of Jon

Jon, Community & Customer Services

  • 4488 Posts
  • 3375 Reply Likes
Official Response
Hi everyone, we've just pushed out an update that allows you to logout everywhere from your account settings.  This will log you (and anyone else) out of the Last.fm website in all browsers.

If you still have spam on your profile, please first change your password and then click the logout everywhere button underneath (you will be asked to enter your password to confirm).   Now log back in with your new password and you should find that you can edit your about me without further problems.  
(Edited)