Hackers access Spotify music library, expose 256m tracks

29 déc 2025 - 12:10

Published under the Creative Commons Licence

Spotify has confirmed a security breach after hackers claimed to have scraped the platform’s entire music library, including metadata for 256 million tracks and profiles of over 15.4 million artists. The perpetrators, identifying themselves as part of a “non-profit project” called Anna’s Archive, stated that they had also accessed around 86 million audio files, representing almost 99.6% of all Spotify streams.

Spotify confirmed the incident, noting that unauthorised access included public metadata and some audio files.

In a blog post, Anna’s Archive outlined the scope of the data, which covers track duration, stream counts, popularity metrics, genres, release dates, and other metadata. The group indicated that the audio files, totalling just under 300 terabytes, were intended for torrent distribution as a “preservation archive,” with potential plans to allow individual downloads if there was sufficient interest.

“A while ago, we discovered a way to scrape Spotify at scale… For now this is a torrents-only archive aimed at preservation,” the group wrote.

The breach raises concerns for artists and rights holders, particularly regarding potential use of the files to train generative artificial intelligence models. Yoav Zimmerman, head of Third Chair, commented, “The data is circulating on P2P networks, and there is no putting this back in Pandora’s box. Anyone can now, in theory, create their own personal free version of Spotify with enough storage and a personal media server. The only real barriers are copyright law and fear of enforcement.”

Spotify confirmed the incident, noting that unauthorised access included public metadata and some audio files. The company said it was actively investigating the breach and had taken immediate measures to protect its platform.

“Spotify has identified and disabled the nefarious user accounts that engaged in unlawful scraping,” a spokesperson said. “We’ve implemented new safeguards for these types of anti-copyright attacks and are actively monitoring for suspicious behaviour. Since day one, we have stood with the artist community against piracy, and we are actively working with our industry partners to protect creators and defend their rights.”

Anna’s Archive stated that the metadata had been released publicly, with audio files being made available in order of popularity. While the project claims not to host copyrighted material, the potential for distribution and use in AI training has prompted alarm among music industry observers.

The full impact of the breach remains uncertain, and Spotify has not yet detailed the potential consequences for artists, users, or the platform itself.

Spotify