Please report sensitive security issues via Spotify's bug-bounty program by following this instruction, rather than GitHub.