MusicArray:
Helsinki’s Bot Attack Fiasco
What is MusicArray?
🧠 MusicArray was a playlist promotion company that used deceptive tactics to target artists in an unethical scheme. Rather than creating playlists that listeners wanted and artists approved of, MusicArray loaded playlists with bots and added artists without their consent, hoping to mislead them into thinking the fake streams were genuine listeners.
How This Scam Worked:
MusicArray hoped that people would email them (using the contact info they would leave in their playlist descriptions), asking, “How can I stay on this amazing playlist?” MusicArray would respond, and basically tell them, “You can pay us to stay on it.” If the artist was misinformed enough to pay them, then the MusicArray scam had completed one successful grift. They played the numbers game, betting that out of thousands of artists they would bot attack, some small percentage would fall for their pay-to-stay scheme.
MusicArray: Overview
This scam was one for the record books. For a while, almost every artist between 5k monthly listeners and 45k monthly listeners was being playlisted against their will by MusicArray, always within a few days of a new song releasing.
MusicArray’s ability to add so many new songs to so many playlists seemed almost impossible – beyond what even a large team of people could accomplish.
MusicArray was totally indiscriminate when it came to genre, song style, production quality, country of origin – it didn’t really matter what the song was like or who the artist was.
‼️ The MusicArray fiasco affected almost all moderately sized artists at some point – and many were hit again and again by these bot-attacks.
Some artists probably experienced this without realizing it was a bot attack. They might have noticed a sudden spike in streams and unknowingly fell into the trap set by MusicArray, with some even paying to stay on playlists.
Most artists, however, knew right away that something wasn’t right. There is a certain amount of anticipated streams you expect to get in week one, and when streams dramatically exceed that all at once, most artists know that it can only be one of two things causing that:
- You’ve been placed on an Editorial Playlist, which is curated by actual Spotify employees. This is like finding the golden ticket, and it’s a huge milestone for many hopeful artists.
- No golden ticket. No meteoric rise to fame. You’ve just been added to a bot playlist. Again.
As such, most of use knew something was wrong as soon as the bot-attack hit, and felt increasingly furious every time our new releases were added to these bot playlists automatically. For some, it would happen with every release, like clockwork.
At the same time, Spotify started removing tracks due to excessive bot streams from MusicArray, leaving artists frustrated. Artists were essentially the victims in these bot attacks, but they felt like they were being punished for the crimes committed against them by MusicArray.
How Did MusicArray Pull This Off?
How did MusicArray do it? As I said before, it was done through an automated process.
✍🏻 Artists would notice an unexpected spike in streams, often coming from Helsinki, Finland, which is where the term “Helsinkied” originated.
MusicArray used a crawling algorithm to scrape Spotify for new releases, automatically adding tracks to their bot playlists without the artists’ consent or knowledge. When this happens, it is known as a bot-attack.
Rabbit Hole:
🕵🏻 Tell Me Your Theories on the Name “MusicArray”
Wow, so glad you asked! The name “MusicArray” likely comes from the concept of an array in coding, which refers to a structured collection of elements organized in a specific order, just like how playlists or track-lists are organized.
In coding, an array holds a series of items (like songs), all stored together and accessible by their index (or position). The array allows a program to quickly access or modify these items based on where they sit in the collection.
While researching the person behind MusicArray for this story (his name is Jason Luong, by the way), I found an archived post on a programming forum linked to him. He mentioned needing help with a parsing error in his Music Array index and had linked a file, but the link was no longer active.
But the comment got me thinking. Assuming this is the same Jason Luong – when he mentions a “music array,” this makes sense. This likely inspired the playlist scam. If true, Jason was developing an automated sorting system that treated music tracks like array elements, indexed and organized for easy access or manipulation – completely automatic.
In MusicArray’s case, the company name likely comes from how they handled music data and edited playlists. They probably created an “array” of songs, which is a collection of tracks, and used algorithms to automatically add songs to their playlists.
This is like how a coder uses an array to access or change data. When Jason talked about “parsing errors” in his “music array index,” he likely meant problems in the system that organized the tracks in his playlists.
So, the name MusicArray could suggest the company’s behind-the-scenes coding work to organize, store, and manipulate music tracks, much like how arrays are used to manage data in programming.
I know that many people aren’t familiar with coding, so here’s the main point: MusicArray didn’t just create playlists with bots; they might have used a coding method to automatically add new music, treating songs like data entries. They did unethical things without having to put in any real effort. Somehow makes it feel worse, doesn’t it?
This array method shouldn’t have worked on a platform like Spotify. It might have been possible due to weaknesses in Spotify’s API, but it’s unclear how they achieved this, and we are all really just relying on guesses and speculation.
This link between coding and the attacks on independent artists’ new music shows an automatic, mechanical approach to bot attacks, similar to what we see in programming when using Arrays to edit data sets in bulk.
Given that Jason has a track record of un-creative naming (you’ll see what I mean later) it’s likely that the name “MusicArray” came from the mechanisms Jason used to create this scam in the first place.
Jason likely used a version of array coding and repurposed it for playlist curation, using that to attack artists with bots. And beyond the initial coding process, he didn’t even have to lift a finger to do it. The system maintained itself.
In short, MusicArray made it easy to add songs to bot playlists. It wasn’t a big team doing this, just one person looking for ways to harm others for a bit of passive income. It was all pretty shady. It would have been bad no matter how he did it. But, to many, automated wrongdoing feels even worse than if someone had to actually work to do it.
What Does it Mean to be ‘Helsinkied’?
Being “Helsinkied” meant that your track had been bot-attacked by MusicArray’s playlists. While it might seem exciting to see an immediate increase in streams, this practice was extremely damaging.
Spotify’s algorithm could detect the artificial engagement generated by these bot playlists, and in most cases, Spotify would remove the artist’s track entirely for violating their artificial streaming policies.
Many artists, especially those with smaller followings, were disproportionately affected by this, as Spotify’s 90/10 rule could severely penalize them.
Artists who didn’t ask to be on these playlists were left without a clear way to remove themselves, with their tracks vanishing in just days, sometimes right after their release.
MusicArray’s Pay-to-Stay Scheme
MusicArray didn’t stop at just bot-attacking. For bot-attacking to make sense to scammers, it has to be somehow profitable. Here’s how that worked: MusicArray’s scheme was designed to lure artists into paying for playlist placement. Once an artist noticed the sudden spike in streams, they might investigate the playlist responsible.
MusicArray conveniently left an email in the playlist description, hoping artists would reach out to learn how to stay on the playlist. Their response would be something like, “We love your music and are happy to support it for free this time, but to continue staying in rotation, it will cost X amount per month.”
✍🏻 Most artists didn’t willingly seek out this company. Instead, most were bot attacked, being added to these playlists without their consent.
Some artists might be tricked into contacting MusicArray to stay in rotation, but most would realize they had been “Helsinkied.” They would feel scared and angry, with no quick way to remove themselves from the playlist and the constant risk of their track being removed from Spotify due to fake streams.
This scam primarily targeted artists with 5k to 45k monthly listeners—those somewhere between minorly and moderately established, but not so established that they might just ignore the burst of additional streams. After all, it would be hard to sell promotion to an artist like Drake, as he’s in no need of additional listeners.
Smaller artists were hit hardest by these attacks, as they often lacked enough organic streams during the initial release days to offset the artificial streams from MusicArray’s bots. This is why smaller artists often had their tracks removed as a penalty, and why it appeared that they faced this issue more often than established artists who were also targeted by bots.
To clarify, Spotify has recently issued a 90/10 policy, which roughly advised that any track which hits a mark of 90% bot plays to 10% real plays would be subject to automatic removal by participating distributors (FYI, all the ones you can name are “participating”, including DistroKid).
Artists who are more established and have a lot of natural, organic streams in week one are less likely to have their track removed, as the more organic streams you have, the more the MusicArray bot streams become just a drop in the proverbial bucket. But smaller artists didn’t have this organic following in place to absorb the sudden influx of bot traffic.
🧠 This led to the phenomenon of smaller artists seeing their tracks removed within just a few days of release due to these bot attacks, where more established artists (who were also bot attacked by MusicArray) appeared to be spared that fate, with their tracks surviving the takedown penalty and remaining on Spotify.
This wasn’t directly an act of Spotify playing favorites. It was just an unanticipated result of their new artificial streaming policy, which, were it not for bot attacks, would be something that all upstanding artists would welcome and appreciate.
All of this fallout was thanks to MusicArray’s underhanded tactics, insidious scraping algorithms, and unethical profiteering schemes.
The Faces Behind MusicArray: Jason Luong aka ‘Jimmy Cook’
At the center of this scam is Jason Luong, a man who goes by “Jimmy Cook” in his MusicArray dealings (a pseudonym taken from a Drake song). Operating from Tualatin, Oregon, Jason incorporated his business under the ridiculously unoriginal name of “Umbrella Corporation.”
He also ran a subsidiary called “Planet Express Shipping,” a nod to the popular cartoon Futurama. Planet Express Shipping appeared to handle questionable logistics, possibly allowing companies to ship goods privately from overseas.
Jason’s business fronts weren’t limited to Oregon. He also spent a good deal of time in Las Vegas, Nevada. However, it’s important not to confuse him with a completely unrelated person, Jason Loung, who works at the Venetian Hotel and has no connection to MusicArray, or any of these sketchy events.
How MusicArray Went Down
Before I was a writer for Music Scam Alert, I had a habit of investigating various grifts in the music industry, often confronting scammers and attempting to shut down their operations with limited time and resources. It was surprisingly effective, given those limitations.
I’m also an independent artist, just like many of you are. After being bot-attacked by MusicArray multiple times, I went on to investigate the company behind the attacks. After quickly discovering Jason’s shady practices, I confronted him directly via email and threatened to report him to the IRS. This usually works, if the business is located in the USA, and I already knew that MusicArray was operating out of Oregon.
After some back and forth with Jason via email, he seemed to get increasingly unnerved by the evidence I was sending to him, and after about a day of this, his playlists temporarily went offline. Only to return again a week later.
This time, I wasn’t willing to play around anymore. I alerted Spotify through their Spotify for Artists account on Threads, providing detailed information about MusicArray’s bot usage and fraudulent tactics, pleading for them to address the bot-attack issue.
Spotify responded with a vague “we’re working on it” (not a direct quote, but close enough). They also made note of the fact that they believed the bot “attack” issue was a relatively rare event, and implied that most of the artificial streams came from willing participants in these bot promotion schemes.
Essentially Spotify seemed to be saying, Y’all did this to yourself.
But it appears Spotify came through for us, despite that unnerving response. Shortly after the Threads interaction, MusicArray’s website, playlists, and all traces of its business presence disappeared from the internet. Months of radio silence seems to indicate they may be gone for good. One can only hope.
While it may seem like the end of MusicArray, there’s always the possibility they are laying low, waiting to resurface. Personally, I have decided to remain cautiously optimistic that this might be the end of the Helsinki fiasco. But, just because MusicArray is gone, doesn’t mean some copy-cat can’t show up and run the same game. There’s always room for rebirth in the scam world.
What Can Be Done?
One temporary solution we devised was to suggest artists remove Finland from their distribution, as this was where most of the bot activity originated.
While this method was devised to solve the Helsinki problem – in theory, it should also work for any bot attack problem where the country of origin can be clearly identified. Usually you can do this by looking at where the streams are coming from on your Spotify For Artists dashboard.
If you are dealing with a bot attack problem currently, see our solutions page for a way off of those playlists. To prevent being put on bot-playlists in the future (accomplished by excluding countries like Finland from your distribution), visit our prevention page.
However, this was just a band-aid. Some Finnish listeners weren’t too thrilled about the change, but it was a necessary step to protect artists from the bot attacks.
We also recommend reaching out to Spotify For Artists, requesting that they provide an “opt-out” button for large user-generated playlists to give artists more control over where their music ends up. Especially if we are going to be held responsible for any artificial streams, likely coming from playlists we don’t even want to be on.
Final Thoughts
✍🏻 MusicArray’s tactics caused severe harm to countless independent artists, many of whom had their tracks removed from Spotify without warning.
Jason Luong (aka Jimmy Cook) and his web of suspicious companies could re-brand and resurface at any time.
As an artist, it’s crucial to remain vigilant when dealing with playlist promotion services. While MusicArray may be gone, they’ve hardly been forgotten.
The damage they caused to the careers of many independent artists is something we are just now beginning to take full census of, and this may not be the last company we see trying to run a scam operation of this nature.
We encourage everyone to take advantage of the resources located at the bottom of this page, to help you solve bot attacks when they happen, prevent them from occurring, and to take steps to advocate for systematic changes to Spotify’s features and policies. Together, we can combat these scams and stop the damaging effects before they take hold. You’re not in this alone. Music Scam Alert has your back.
Resources
Prevent Attacks
Check out our Prevention Page for tips on how to protect yourself from being bot attacked.
Get Off a Bot Playlist
Check out our Solutions Page for actionable steps you can take to get off a bot playlist that you’re currently on.
Learn About Bot Attacks
Visit our topic post covering all you need to know about Bot Attack Scams, located in the Learning Annex.
Stay in the loop,
– Music Scam Alert Staff
don’t get duped.
Leave a Reply