Pro-Iran Hackers Claim DDoS Attack Causing Spotify Outage
Severity: High (Score: 60.0)
Sources: www.techradar.com, Inkl, Scworld
Published: · Updated:
Keywords: spotify, outage, claimed, hacking, services, caused, ddos
Severity indicators: ot, outage
Summary
On May 12, 2026, Spotify experienced a major outage affecting its app and web player due to a Distributed Denial of Service (DDoS) attack. The Islamic Cyber Resistance in Iraq-313 Team claimed responsibility, stating the attack was revenge for the death of Imam Khamenei. The outage began around 12 p.m. ET, with reports peaking at 14,000 users affected. While offline music playback continued, the app and web services were inaccessible for over two hours before being restored. This incident follows a similar DDoS attack on Canonical, the company behind Ubuntu, indicating a pattern of targeting by the same group. Spotify confirmed it was investigating the incident and had resolved the issues by 5 p.m. ET the same day. Key Points: • Spotify suffered a DDoS attack on May 12, 2026, impacting thousands of users. • The Islamic Cyber Resistance in Iraq-313 Team claimed the attack as revenge for US actions. • This incident follows a previous attack on Canonical, suggesting a targeted campaign.
Detailed Analysis
**Impact** The outage affected thousands of Spotify users primarily in the US and UK, with reports peaking at around 14,000 users experiencing service disruption. The attack caused Spotify’s app, web player, and support services to be inaccessible for over two hours, impacting user experience and operational availability. Offline playback remained functional, indicating no direct compromise of user data. The incident also follows a similar disruption targeting Canonical, affecting Linux distribution services and updates. **Technical Details** The attack was a Distributed Denial of Service (DDoS) targeting Spotify’s main servers, initiated around 12 p.m. ET on May 12, 2026. The Islamic Cyber Resistance in Iraq-313 Team claimed responsibility, citing retaliation motives linked to geopolitical events. No specific malware, CVEs, or detailed infrastructure indicators were disclosed. The attack disrupted service availability, corresponding to the delivery stage of the kill chain. **Recommended Response** Organizations should monitor for increased DDoS activity and ensure mitigation services, such as traffic filtering and rate limiting, are active and properly configured. Spotify and similar service providers should review and strengthen their DDoS protection measures and incident response plans. No specific patches or IOCs were provided; defenders should maintain vigilance on network traffic anomalies and update threat intelligence feeds for any emerging indicators related to this group.
Source articles (4)
- Spotify outage caused by DDoS attack claimed by hacking group | brief — Scworld · 2026-05-18
As detailed in Tech Radar, Spotify experienced a significant outage on May 12, 2026, impacting its applications, web players, and support services for several hours. The music streaming giant confirme… - Some Ubuntu Services Are Still Down Following Outages After Ddos Attack — www.techradar.com · 2026-05-19
- Best Ddos Protection — www.techradar.com · 2026-05-19
- Pro-Iran hackers claim recent Spotify outage was revenge for US action in their country — Inkl · 2026-05-18
The Islamic Cyber Resistance in Iraq-313 Team, a hacking collective which has been sporadically targeting companies and services across the Western world, has claimed responsibility for the major outa…
Timeline
- 2026-05-12 — Spotify outage begins: Thousands of users reported issues with Spotify's app and web player due to a DDoS attack.
- 2026-05-12 — DDoS attack claimed by hackers: The Islamic Cyber Resistance in Iraq-313 Team claimed responsibility for the attack on Telegram.
- 2026-05-12 — Spotify services restored: Spotify confirmed that the issues were resolved and services were back online by 5 p.m. ET.
- Recent — Similar attack on Canonical: The same hacking group previously targeted Canonical, disrupting their web infrastructure.