Qobuz account hacked

Hopefully it’s just this (or something alike, lot of issues Roon/Qobuz lately): Qobuz albums removed from Roon Library [Qobuz server sync issue resolved] - Support - Roon Labs Community

To send you to Tidal/Spotify/Appple/Amazon? :rofl:

Or even worse…MQA.
Whoops now I gone and done it!

4 Likes

It looks like my issue was of a different nature as when I finally got to log into my Qobuz account through a web browser all of my saved albums were indeed gone.
Zip, zilch, nada, squat.

Unless it was something on Roon end ?

I truly do not think so but who knows.

We see tens of thousands of attempts daily where random ips around the internet just try combinations of emails and passwords.

We logged a bunch of the failures and found they were all from email/password lists from other hacks/leaks.

They change your credentials and hope you don’t use the service enough to notice.

Hundreds of Roon users have been attacked using the same testing of accounts emails/passwords.

4 Likes

I did not think this one was a Roon/Qobuz sync issue although the timing was convenient.

Once I found I could not log back into Qobuz anywhere I thought had to be hacked.
Needless to say many passwords have been changed over past few hours!

This looked like a Tidal version a few days ago


WHOA! All my Qobuz albums in Roon are gone, too! What’s going on?!

See my response in this topichttps://community.roonlabs.com/t/all-my-qobuz-albums-are-missing-from-my-library/162656

Thanks! But any explanation from #support advisory from Roon? I didn’t get any email. If you knew about this, why not email us?

My albums in Qobuz didn’t disappear in Qobuz, only in Roon.

There have been multiple threads in the Support category about the syncing issue. A fix has been applied, but apparently it takes time to be applied to all accounts. See this:

1 Like

I should make note, when you change your password, email, or even login with your Roon password, you will get an email notifying you of that fact. It’ll contain a location which we determine using IP address to physical location mapping. It’s not perfect, but it’s usually pretty close to where you are.

This is one way we protect from accounts getting hacked.

We also made it so you (or attackers) can’t change your email or password without access to your old email inbox. Again, to prevent account takeovers.

1 Like

When any of the above happens, the account is already hacked (password, login, email and so on only can be changed from within the account) and other damages can be done. While email notifications and verifications are absolutely better than nothing, two factor authentication login is by far the way to go (my unrequested 2c).

2 Likes

Just going to leave this here…

3AC67816-5C74-4A1D-9322-F71BF2B87A59

4 Likes

Yup, change your passwords frequently.

or just use different ones in different locations!

true, but suicide for an entertainment app.

An entertainment app with credit cards and third party passwords (Tidal, Qobuz, DropBox logins) on file!

It may be an inconvenient for some if you have to login on a daily bases, no doubt about it, but that’s not the case with roon. There are other methods to authenticate the Core without having to use the account’s password.

BTW, you are not alone in seeing security this way, amazon uses the same password for the music app as the main account, which is a huge NO WAY security wise.

1 Like

Adaptive MFA handles this well. It stores fingerprints for your computer, your browser, your IP…any of these change, challenge, otherwise don’t.

1 Like

There is a thread about this issue. It is no hack. Apparently, it has to do with the sync between Roon and Qobuz.

Quite a lot of Roon users have been affected for about a week or two and the issue remains unsolved to date.

It would be appropriate that Roonlabs shares information spontaneously about this problem. That would prevent customers’ legitimate frustration and avoid potential mistakes when trying to solve it individually.

Roon seems lax on security, by todays standards, from beginning to end. It might harm the experience, but anything networked with my data and my payment details, needs solid protection. Its a bad world out there. The future, customer opens Roon:

Hi Mike, can you identify the traffic lights, and enter the 16 digit number from the message we sent?

:rofl:

1 Like