Pro-Iranian hackers say recent Spotify outage was revenge for US action in their country

Spotify experienced a widespread outage on May 12, 2026, affecting apps, web players, and support services for several hours.
Team 313 of the Islamic Cyber Resistance in Iraq claimed responsibility, claiming to have launched a DDoS attack on Spotify’s servers.
The same group recently targeted Canonical, adding to its sporadic record of disruptive cyberattacks against major platforms.

The Islamic Cyber Resistance Team 313 in Iraq, a hacker collective that sporadically targets businesses and services across the Western world, has claimed responsibility for the recent major Spotify outage.

On May 12, 2026, thousands of Spotify users reported issues with the app, web player, and support site. The music streaming service confirmed it was “currently aware of some issues with the app” and said it was investigating the matter.

Now, the pro-Iranian hacking group has said it was responsible for the outage, confirming that Spotify suffered a distributed denial of service (DDoS) attack.

Revenge for Khamenei?

“The hand of vengeance will reach the assassins of Imam Khamenei,” the group reportedly said on Telegram, Jerusalem Post reported. In the same announcement, the group said it had “carried out a massive cyberattack targeting Spotify’s main servers, causing a major disruption to the website and completely disabling the application.”

The issues started around 12pm ET / 5pm BST, with the first outage reports appearing on Down Detector. Reports increased steadily over the next 20-30 minutes, peaking at around 14,000 at 1:20 p.m. ET / 6:20 p.m. BST – then seemed to decrease.

However, more than 2 hours later, users in the US and UK reported having trouble loading the app on desktop or mobile, although offline tunes seemed to work. Eventually, the cross-platform app came back to life and Spotify confirmed that the issue had been fixed shortly before 5 p.m. ET / 10 p.m. BST.

Team 313 isn’t the most active group, but it also recently hit Canonical, the company behind the popular Linux distribution Ubuntu.

“Canonical’s web infrastructure is under sustained cross-border attack and we are working to remediate it. We will provide more information on our official channels as soon as we can,” the company said at the time.

Discussing the attack on the unofficial Ubuntu forums, community members confirmed that the distribution’s security API was affected, as well as several websites. System updates and installations were also not available at the time.