Latest news with #PaulBender
ABC News
5 days ago
- Entertainment
- ABC News
'It's so dystopian' AI streaming fraud is on the rise. This Grammy nominee is fighting back.
Three-time-Grammy-nominated musician Paul Bender is pissed off. He's the bassist for revered Melbourne/Naarm group Hiatus Kaiyote, who've been sampled by Drake, Beyoncé and Kendrick Lamar, and made admirers out of Doja Cat and the late, great Prince. But what's got Bender riled up involves The Sweet Enoughs — his easy-listening solo project launched during the 2020 lockdown that has racked up more than 26 million Spotify streams with next to no promotion. In March, a new Sweet Enoughs track was uploaded to the streaming service, its presence alerting fans — including celebrities like Tyler, The Creator, Questlove and the group's more than 80,000 monthly Spotify listeners. But something was off. The track's generic artwork and tinny production was nothing like the exotica-inspired sound and aesthetic of The Sweet Enoughs' debut album, Marshmallow. More significantly, Bender hadn't approved or uploaded any new music. "It was some of the most insanely clunky, amateurish, bizarre pieces of audio I've ever experienced," he says. Then, it happened again. This time, a distorted mumble rap track appeared on his Spotify profile. Then another, which "basically sounded like Crazy-Frog-era Eurotrash". In the following days, a fourth track surfaced. The songs were so bad, Bender was convinced they were AI-generated, hijacking his profile and designed to dupe unsuspecting fans into racking up streams. Unlike Instagram or YouTube, where artists directly own their accounts, DSPs (Digital Service Providers) like Spotify require musicians to employ a digital distributor to upload their music. Ranging from entry-level services like TuneCore and CD Baby to established platforms DistroKid, AWAL, and local player GYROstream, distributors are largely similar — a go-between that handles licensing, royalties and metadata like artwork, song title and artist name. Therein lies a major red flag: they also share a lack of security protections. In seeking answers, Bender discovered a live-stream in which YouTuber TankTheTech showed how easy it was to create an AI-generated song and upload it to an artist profile. Within 10 minutes, with zero hacking or authentication required, a track can be cleared and approved to be released in five to seven days. "That just blew my mind," says Bender. "It's unheard of in an online space. Through any other website, app, or form of transaction, there's always some sort of authentication process involved." The whole process is effectively functioning on an honour-based system, "which is incredibly inappropriate for the music industry — one of the slimiest, most parasitic places in the universe", Bender notes. The issue isn't exclusive to Spotify. The fake Sweet Enoughs tracks also appeared across Apple Music, Tidal, YouTube Music, and Deezer. And Bender isn't the only victim. The trend extends to Australian acts such as Pond, Northlane, Alpha Wolf, Thy Art Is Murder and Polaris, who were part of a raft of heavy acts in late 2024 who saw fakes pop up in their profiles. Spotify users have taken to social media and message boards with complaints about AI-generated music being platformed, while fake profiles have been linked to deceased artists, including hip hop visionary Madvillian, late electronic producer SOPHIE and even the legendary Brian Wilson. Bender and his label, Wondercore Island, have been making noise on social media about the issue. The comments are filled with multiple instances of artists experiencing the same problem. There were even examples of a (since removed) AI-generated album trained to model Norwegian pop singer Annie, mirroring the 2023 case where Universal Music Group successfully had a song featuring AI-faked Drake and The Weeknd vocals pulled from streaming services. "It is so grim, so dystopian, and so Black Mirror that it's beyond the pale," Bender says. The situation marks another blow for musicians already struggling with the financial realities of high-cost touring, low-return streaming royalties, all while competing harder than ever in the attention economy. Bender says if streamers and distributors implemented safeguards like two-factor authentication, "99 per cent of this problem goes away immediately". Instead, "everybody's just shrugging their shoulders and passing the buck and acting like they had no responsibility in any of this", says Anthony Fantano, self-styled "internet's busiest music nerd", in a video on the topic prompted by Bender's social outcries. When the Sweet Enoughs knock-offs first began appearing, Wondercore label head Si Jay Gould alerted Spotify. The streamer took six weeks to respond to him and the group's distributor, PIAS. "We never got an explanation as to why it took so long," says Gould. "[They said], 'So sorry that you have had this happen and it's caused you distress. It's a mapping issue when artists have the same name.'" Mapping is based on the metadata provided to Spotify by the digital distributor. Mapping issues "are not common", a spokesperson for Spotify Australia told Double J. "We were told this happens a lot," Gould counters. "But haven't had a case — at least in the Australian office or with our friends at [famed UK label] Ninja Tune — where it's happened four times in quick succession on an artist's account. That felt relatively new." Rather than remove the duplicates, Spotify instead created separate accounts, meaning there are currently five profiles for The Sweet Enoughs: Bender and four alleged impersonators — one for each track. As such, Spotify Australia said: "This specific issue was resolved several weeks ago," and emphasised their Spotify For Artists resource materials, including when music is uploaded to an incorrect profile. Bender, however, is far from satisfied, calling the response "generic" and "laughable". He says the streamer has failed to address what he sees as the underlying problem: an easy-to-exploit loophole that's widened with the increased adoption of AI tools. "It has just made an existing problem exponentially worse." Streaming has been increasingly plagued in recent years by fraudsters who rely on automation — using bots, click farms, or illegitimate promo services — to boost plays of artificial songs, albums, and artists. It's a scheme that costs the music industry around $US2 billion per year, according to data-tracking firm Beatdapp. It's also become cheaper, quicker and easier than ever to implement, courtesy of AI music-generation tools like Suno, Udio, and Mubert, which generated 100 million tracks and streams in 2023. In April, Deezer reported 18 per cent of its daily uptake — that's 20,000 tracks – is fully AI-generated, while industry analysts estimate the figure is 10 per cent across the streaming ecosphere. The concern is scammers are taking advantage of weak security to flood multiple platforms and profiles with fraudulent music, then skim just enough royalties from plays to matter but a small enough amount to allow them to fly under the radar. Deezer uses AI-detection tools to purge offenders while Apple Music boasts that less than 1 per cent of their streams are fraudulent. Spotify says it puts "significant engineering resources and research into detecting, mitigating, and removing artificial streaming activity", punishing offenders with fines, suspension and removal from the platform. However, the Swedish company also embraces AI tools that have made musicians uneasy, such as its AI-powered DJ and the imminent launch of a personalised playlist powered by Chat-GPT-styled prompts. "We want more humans to make it as artists and creators, but what is creativity in the future with AI?" CEO Daniel Ek asked at Spotify's 'Open House' event, hosted in Stockholm earlier this month. "I don't know. What is music anyway?" Ek sees AI less as a threat and more as a democratising force that lowers the barrier for entry to aspiring musicians. Additionally, Bryan Johnson, head of Artist & Industry Partnerships, acknowledged "how frustrating" streaming fraud can be, but that there is "infinitely small consumption" of fully AI-generated tracks on Spotify. He added, "They are fully removed from royalty calculations and do not dilute the royalty pool in any way." Spotify Australia's rep said the offending Sweet Enoughs tracks being AI generated was "speculation and not verified… These songs were not AI despite the consistent narrative here". Bender, who emphasises possessing a healthy pair of eyes and ears, says that's disingenuous. "Disingenuous is the most polite way to put it. "I think that it's such a f***ing cop-out to suggest that, 'Oh well, we don't know it's AI.' Obviously, if I was a scammer, I'm not going into a studio and recording music. I'm going to go on Suno or Udio and generate 500 songs, almost instantly." Gould reasons that The Sweet Enoughs weren't "targeted by a specific human" but instead were collateral damage. "The Sweet Enoughs is not a super-unusual name. No-one else has chosen it. But if I was running a program churning out thousands of fake artists every week, uploading music via distributors en masse, there's potential…" He can't prove it. "But it sure f***ing seems like AI, [and Spotify] can't prove that it isn't." The situation leaves many smaller labels and independent artists disempowered. Without the backing of a major label to police things, their only recourse is to play a time-consuming, labour-intensive game of "whack-a-mole." In sleuthing out the source of the alleged imitators, Gould's hunt led him to digital distributor Ditto Music, (which, it should be noted, is not on Spotify's list of "preferred" digital distributors). But all attempts to communicate with Ditto's Australian office and manager were met with "absolute crickets". Reverse-engineering a search on the artwork for one song revealed it to be a stock image used across several other tracks, including one on Spotify supposedly featuring pop star Camilla Caballo but credited to one MC Rhymes. A "22-year-old American rapper, songwriter, and record producer", according to his Spotify profile, MC Rhymes has 1 million followers on Instagram, yet only 826 monthly Spotify listeners. The numbers don't add up. "I was trying to work it out," says Gould. "He's actually ripped one of Caballo's songs ['U Shaped Space'], changed it slightly, retitled it. But it's not appearing on her profile, it's appearing on his — it's there and getting streams." Gould deadpans that his next course of action is to "pay a lawyer $2,000 to send cease-and-desist orders, start the process of going through the distributors to eventually get IP addresses from Ditto and engage some cybercrime team so we can litigate … against a factory in Eastern Europe with a bunch of computers rigged up". While streaming royalties are famously low — the average Spotify payout is $0.004 per play — in a streaming business worth nearly $600 million locally (according to ARIA), those many marginal streams from a multitude of accounts begin to add up. "The more I've thought about it, the only way this works is if someone can do this on an insanely large scale," notes Bender. "And the fact there's this wide open door." He says if a fraudster had to hack passwords and accounts, or record passable music, "the whole scam becomes too hard to bother with". Bender has been creating memes as a coping mechanism, but the punchlines only work because "this isn't a complex problem to solve. Every streaming company is filled with developers who could figure out how to solve this in a lunch break. But have they?" He and Gould believe there's no incentive for streamers and distributors to "create greater protections … it's just going to drive labour hours and it doesn't increase profits at all". The Sweet Enoughs' plight has found an ally in Michael League, leader of respected jazz fusion group Snarky Puppy, who has taken the issue to Grammys senior executive Nick Cucci. "Who was horrified and just flabbergasted," notes Bender. The plan is to escalate their complaints to Recording Academy CEO Harvey Mason Jr and take it all the way to US Congress, "because this is absolutely a lawless environment", Bender emphasises. "I would say the entire streaming industry is operating on criminal levels of negligence. I can't think of another industry where being able to impersonate someone for monetary gain isn't taken deathly seriously." The Sweet Enoughs, Wondercore Island, along with Hiatus Kaiyote and League's Snarky Puppy, are rallying their peers for an open letter pressuring accountability from DSPs and digital distributors. More than 70 artists — including Anderson .Paak, Willow Smith, Rapsody, Kimbra and Australians Genesis Owusu, The Teskey Brothers and Surprise Chef — have signed the open letter, which demands streamers and distributors implement a functional authentication system as a "bare minimum." "Without one, the future of the streaming landscape is one populated with an endless sea of AI impersonations that impacts artists and cheapens the experience and usefulness of the streaming platforms themselves." It concludes: "We are calling on the music industry, politicians and lawmakers around the world to take measures to protect our creators in these most uncertain times." It's the latest public warning that AI won't just muscle in on musicians' profits and creativity. It will replace them. Last year, high-profile artists like Billie Eilish, ABBA and Stevie Wonder demanded protections against unlicensed use of music to train AI. In February, a coalition of more than 1,000 musicians issued a silent album in protest against UK government plans to allow AI companies to use copyright-protected work without permission. Last year, a chorus of Australian artists — including Missy Higgins, Jimmy Barnes and Bernard Fanning — lent their support to an APRA AMCOS report warning on the devastating impacts artificial intelligence could have on their careers. They demanded urgent action from the government for policies to regulate AI, estimating it could cost the local industry $519 million by 2027. "A Napster-level disruption," says Nicholas Picard, executive director of Public Affairs and Government Relations at APRA AMCOS. "AI is one of the biggest threats facing songwriters and composers today," Picard says. "There's about 100,000 tracks being uploaded every day on DSPs. That in itself makes it very hard for local artists to be visible in front of audiences both locally and globally. Add in what is emerging to be AI slop that is being automatically uploaded on these platforms [and artists are] now competing with them directly." Following the APRA AMCOS report, the government proposed draft AI regulations, including "mandatory guardrails" concerning transparency. "[That's] one of the main things artists and the creative community are calling for," notes Picard. The industry response has been "really positive", he says, and following Labor's federal election win, APRA AMCOS will be "picking up those conversations with those new portfolio holders to really get that work underway so those mandatory guardrails can happen". "There is a big global regulatory battle happening between the artists and the owners of their intellectual property, and the platforms," he says. A spokesperson for ARIA (Australian Recording Industry Association) also acknowledged the "growing threat of AI-generated fraud". They told Double J: "ARIA is fully aligned with the global recording industry position — and frequent advocacy — that artists' rights and the integrity of original recordings must be protected, with clear frameworks established globally to prevent misuse and unauthorised exploitation." Then there's the Music Fights Fraud Alliance, which bills itself as "a global task force aimed at eradicating streaming fraud". Established in 2023, the Music Fights Fraud Alliance is amalgamating members from streaming platforms, distributors and labels in a bid to agree on structured protections. Gould has been "following the breadcrumbs around that" and wants to combine their efforts but is "trying to understand what the road map looks like. "What sort of timeline are they on? Are thy facing certain roadblocks that we could assist with? "Or actually, are they just a corporate shell and everyone's just wading water until they can just blast AI and push all the musicians out of the way?" He quotes his friend Stuart Grant, from Aussie punk band Primitive Calculators. "It seems like, for the longest time, the biggest problem for the music industry has always been musicians. And finally, they don't need to worry about them anymore." Bender has been working on a new Sweet Enoughs record, due "sometime this year", which expands it "from a little insular project into a very wide collaborative effort" involving some famous friends — whose names he can't reveal just yet. But the positivity of the process has been soured by his recent experiences. "There's already so many problems in the streaming sphere and the music industry in general. But this one? This one could absolutely be solved. "There needs to be regulations in place. There needs to be at least some dignity afforded by protecting the identities and the intellectual property and the likeness and the idea of all these artists. "That you can guarantee that, 'Yes, this is their music.' Not some robot pretending to be them. Not some scumbag with a bot farm producing garbage to scrape literal percentages of pennies from a million directions at once."
Sydney Morning Herald
28-05-2025
- Entertainment
- Sydney Morning Herald
This musician was getting millions of streams. Then fake tracks appeared under his name
'If this doesn't change, people are going to start training AI on your entire discography. Then they upload songs that actually sound like you. Fans go to your page, hear something that sort of sounds right — but it's shit.' Paul Bender (at right) with his band Hiatus Kaiyote: (from left) Perrin Moss, Simon Mavin and Naomi Saalfield aka Nai Palm. The problem, he says, is wilful inaction from distributors and streamers. Even basic password protection 'would solve 99 per cent of these cases overnight. Two-factor authentication would solve more. These tech companies are full of developers who could fix this in an afternoon. So far 'it's just them passing the buck — 'it's the distributor's fault, no, it's the platform's fault'. It's a copout. It just proves how demoralising this system is for artists.' Spotify, which commands more than 30 per cent of the global streaming market, acknowledged the fakes issue in 2023 when it removed tens of thousands of tracks uploaded by AI music startup Boomy. That followed pressure from Universal Music Group, its biggest licensor. The Sweet Enoughs' boutique label, Wondercore Island, has had less success. 'It took Spotify six weeks to lift a finger,' says label head Si Jay Gould. 'They're calling it a 'mapping issue' — as if four artists just happened to release terrible AI music under our name. 'There's no incentive to protect us. We're being impersonated, we're losing income, our brand is being damaged, and the response is: 'We've done what we can.' It shows how little they value artists.' Even now, though Spotify has uncoupled the four fakes from the Sweet Enoughs' profile, the tracks remain live under that name, ready to deceive fans looking for real music. Spotify declined to comment for this story. When asked about authentication systems, an Australian spokesperson referred us to the company's extensive Spotify for Artists educational manuals. The scale of hijacking 'can't be human', Gould says. 'The money's too marginal.' Like those old computer scams creaming fractions of cents from millions of bank accounts, 'it has to be automated. I assume they're targeting artists who do well in the algorithm — names the system likes.' Loading Industry indicators confirm a growing problem. Deezer reported that 18 per cent of its daily uploads in early 2025 were fully AI-generated. Music generator Mubert claims over 100 million AI tracks were created on its platform in the first half of 2023. The global Music Fights Fraud Alliance estimates 10 per cent of global streams are fraudulent, often driven by bots, fake profiles or click farms. Some distributors report fraud rates of up to 50 per cent, potentially diverting up to $US3 billion annually from artists. Now musicians are fighting back. Michael League, best known as leader of American jazz collective Snarky Puppy, says he has collected 'several dozen testimonials from artists of various genres and levels of visibility recounting their experiences with AI-generated music being uploaded to their account without their consent'. League has briefed the Recording Academy's New York chapter on the hijacking of his own solo artist profile. He says senior executive director Nick Cucci has indicated he will escalate the complaint within the Grammy organisation this week. 'I've been both shocked and horrified by the volume of messages I've received,' League says. 'It's like a silent epidemic in our industry.' Behind the languid chill of The Sweet Enoughs, Paul Bender is fuming. 'It's not resolved, it's multiplying,' he says. 'I'm f---ing ropeable … You're building towards a new album, and suddenly this steaming pile of crap lands in the middle of your Spotify profile. It's vile and disrespectful. 'There are people in this industry who seem to actively loathe musicians. It's almost sadistic. Real human music and AI slop are the same to them. It's all just a commodity. It's all just content.' Get the day's breaking news, entertainment ideas and a long read to enjoy. Sign up to receive our Evening Edition newsletter.
Crypto Insight
19-05-2025
- Business
- Crypto Insight
Coinbase hit with wave of lawsuits over customer data breaches
Coinbase has been hit with a flood of lawsuits after it recently disclosed its user data was breached, with users accusing the crypto exchange of mishandling the incident. At least six lawsuits were filed against Coinbase between May 15 and May 16, which all made various claims that the exchange failed to keep stringent security protocols to protect user data and handled the data breach aftermath poorly. In one of the lawsuits, filed in a New York federal court on May 16, plaintiff Paul Bender argued that Coinbase failed to protect the sensitive personal information of millions of users during the data breach. Users are suing Coinbase, alleging the exchange failed to protect their sensitive data. Source: PACER Coinbase reported on May 15 that four days earlier it had been hit with a $20 million extortion attempt after cybercriminals bribed several of its customer support agents to access internal systems and steal a limited amount of user account data. The stolen data included names, addresses, phone numbers, emails, the last four digits of Social Security numbers, some bank account identifiers, driver's licenses, passports and some account data, such as balance snapshots and transaction history. Bender claimed that 'Coinbase failed to implement and maintain reasonable security safeguards,' which exposed users to 'serious and ongoing risks.' The suit also claimed Coinbase's response to the incident was 'inadequate, fragmented, and delayed.' 'Users were not promptly or fully informed of the compromise, and Coinbase did not immediately take meaningful steps to mitigate further harm, provide identity protection services, or offer actionable guidance to affected individuals,' the complaint claimed. The lawsuit claimed users could face 'substantial, immediate, and ongoing threat of identity theft and financial fraud' and that the consequences of the breach could be long-term or 'potentially permanent' because the compromised information can't be recovered or made secure once exposed. Flurry of lawsuits make similar allegations Two other lawsuits filed in a New York federal court made similar claims against Coinbase, while a fourth lawsuit added the allegation of unjust enrichment, arguing that Coinbase didn't spend enough on data security measures. All four complaints ask for damages and other measures to help protect the plaintiff's sensitive data. Meanwhile, a fifth lawsuit filed in a California federal court on May 15 made similar claims against Coinbase, but asked the court to order Coinbase to purge all sensitive data it holds about the plaintiffs and hire third-party security auditors to test its security systems, among other requests. A Coinbase spokesperson did not comment on the lawsuits and instead pointed Cointelegraph to a blog post it shared regarding the data breaches. Coinbase said it refused to pay the $20 million ransom and has flagged plans to reimburse users tricked into sending crypto to phishing scammers due to the data breach. In a filing with the US Securities and Exchange Commission, the exchange said it expects reimbursement expenses ranging from $180 million to $400 million. The exchange also reportedly fired a group of customer support agents based in India following their alleged involvement in social engineering attacks on users. Coinbase (COIN) shares dipped 7% and dropped to $244 after it disclosed the data breach along with an ongoing SEC probe over misstated user numbers in 2021. The stock has since staged a comeback, spiking 9% and hitting $266 by the closing bell on May 16, according to Google Finance. Source:
