Qobuz account hacked

The Tidal and Qobuz music files don’t belong to Roon or us. They belong to Tidal and Qobuz. We are merely paying a fee via Roon to listen to them. Our Roon library, other than your own music files, is simply a database of “links” to the Tidal and Qobuz music files. Roon does push out to our Roon database, metadata that syncs with our music, local and streamed.

You described exactly what I meant. Once you open Roon and go to your library it immediately synchronizes it with Tidal. You can’t remove a favorite in Tidal but keep it in Roon library. The track is still there, in Tidal, but the reference to it is gone. Because of this you can’t switch Tidal accounts without losing your library in Roon. And that’s what I meant by “Roon relies on Tidal for storing your library”.

It’s probably just semantics at this point, but Roon doesn’t use any storage on tidal/Qobuz.

There are several apps you can use to sync your music links from one provider to another. TuneMyMusic is the one I use and it is free. I copy my Qobuz album links to Apple Music. In Roon, I also make sure I add a new album link to both Qobuz and Tidal if it is available on both. I rarely add album links directly to Tidal or Qobuz unless Roon cannot find them for some reason.

Doing that doesn’t carry over your meta data sadly. Examples include favourite tracks, genres, ratings etc.

While you can sync albums across services / accounts, Roon sees every copy and every account differently. Ideally, Roon would use its database to identify copies underneath the album. If you delete a copy, switch service or buy a copy for yourself, all your metadata applies, play history rolls up etc.

1 Like

Roon provides all the metadata for every new album I add for both Tidal and Qobuz. I only use albums, not tracks or playlist, etc. and I don’t add my own metadata alterations, etc. I also don’t have any music files of my own, so Roon works perfectly for me. I guess it would be impossible to meet the wishes and desires of everyone.

Anyway, I’m still not sure the person who posted earlier understands that the music belongs to Tidal and Qobuz and resides on their servers.

I have to admit to having relatively simple Roon and Qobuz passwords, thinking that not much harm could be done if hacked. I think I’ll change both tomorrow when I’ve no drink in me.

A slight aside what do you think of password managers, I’ve always avoided them as I thought it just takes one hack to have everything with them.

Having said that Mozilla has all my passwords stored, but I do have a super strong Mozilla password and 2FA on everything that has it.


1 Like

And that’s the problem. Many apps to transfer favorite from one service to another but no way to transfer from one Tidal account to another Tidal account. Besides, I would expect Roon to remember my “favorites”, what I like regardless where the content is located. Maybe view it as bookmarks in your browser. If you change your internet provider your bookmarks will still work.

Of course, that person understands this. It’s obvious. Nobody is suggesting to steal that from them. But he doesn’t understand how it is relevant here. As I wrote above maybe it’s a good way to view Roon’s library as bookmarks in your browser. If you change your internet provider your bookmarks will still work.

sjb Yes, if you use Mozilla’s offering you are essentially using a type of password manager already, so if your initial password is super-strong then that is a good place to be, plus, as you say using 2FA when ever you can.

The beauty of ‘most’ password managers (and they do differ) is that you can have the option of never having your passwords or, most importantly, the master password synced to any server (i.e. one outside your pc/device/house whatever). By that I mean you can opt to keep your master password and all your sub passwords on a thumb drive that you can take where ever you go - plug it into your device and you’re away. If you lose that usb drive then, unless you have also backed it up somewhere, you’re toast.

From the other side, ‘most’ password managers will also allow the choice for you to sync all content to a master server somewhere and store things there. That way you can remotely log onto that server with your app on whatever machine/device without the need to cart a usb device around with you. This opens up the possibility of ‘someone’ one day cracking that server - but again, they have to first get past that super -duper-strong Master Password anyway…choices, choices…

1 Like

Roon stores links to music files located on Tidal. When you delete your old Tidal account, those links are broken. They no longer link to anything. There is nothing for Roon to remember. When I closed my old Tidal account and opened a new one I had all the same albums linked in Roon to Qobuz. There were only about 1000 albums, so I just manually clicked on each album in Roon, then clicked Versions and added a link to the Tidal version in Roon. That was before I was using TuneMyMusic. I should have just purchased Soundiiz for a month, but it only took me a couple hours.

Alcohol generated passwords are the best! They can only be hacked by drunk hackers, and only if they had the same beverage!

1 Like

Unknown (generated), unique, long passwords stored in a password manager with MFA is ideal.

1 Like

I am not concerned as I do not have a Qobuz account , they haven’t got to Africa yet. I was just questioning the wisdom of glibly entering your email address into an unknown web site

Great advise though !!

Yes, don’t do it! Just spend a few (sober) minutes changing your important passwords instead.

1 Like

The smartest thing to do would be to use a unique un-guessable email address as well as a password for each account you wish to keep secure. So the only entity that has that email address is that account. I think Apple and outlook and others email providers allow you to create aliases which could give you extra security if used in this way.

It always stinks being violated. You do know you have no alums on Quobuz. You just have a library card. Better to buy them and rip them for this reason and many others.

or just use different ones in different locations!

We shouldn’t have to say this in 2021 - it’s the lowest level of protection. Password managers are free and enable people like me to have 200+ unique, largely completely random passwords, and at their most inconvenient, I have to copy and paste.

true, but suicide for an entertainment app.

I disagree with this statement. This problem has been solved, and solved a long time ago. OAuth etc. allows any Internet connected application trying to connect to an Internet connected service to use multi-factor authentication from an appropriately connected authentication service. Roon would be an excellent example of why OAuth was created - so much more secure than passwords - and it makes the core server and everything else Internet facing less interesting to hack.

In this world of ransomware, it should be on the top 10 features list for 2021 for every online service and every app that accesses such a service on behalf of a user - like Roon.

1 Like