.png){kind=logo}
Spotify has come under scrutiny after a piracy group claimed scraping the platform’s music library, allegedly accessing 86 million tracks. Sparking concerns over digital security, this incident signals how fragile platform protection can become when under piracy threats.
Spotify confirmed that it has disabled the accounts involved in unlawful scraping.
A pirate activist group allegedly accessed Spotify’s music catalogue, as posted in the open-source research engine Anna’s Archive. The activist group is said to have captured around 256 million rows of track metadata and up to 86 million audio files.
The storage size is around 300TB; the release is set for distribution via bulk torrents, grouped by popularity, and will roll out in stages. According to the post, the archive represents about 99.6 per cent of total listens on Spotify, prioritised using the platform’s popularity metric.
The group framed the project as a cultural preservation effort. While Anna’s Archive typically focuses on books and academic papers, it noted that music preservation aligns with its broader mission of ‘preserving humanity’s knowledge and culture.’
The post argues that existing music archives tend to over-represent popular artists and prioritize high-quality but storage-heavy formats. The group also believes the modern music scene lacks a single, authoritative catalogue intended to cover all recorded music.
Anna’s Archive claimed its database includes 186 million unique ISRCs (International Standard Recording Codes), making it the largest publicly available music metadata collection to date. If this statement turns out to be true, it will be much bigger than the existing open music databases such as MusicBrainz.
As of Sunday, December 21, only metadata had been publicly released, not the audio files themselves. The music files are expected to follow gradually, starting with the most popular tracks.
The group stated that the audio is largely preserved in Spotify’s original OGG Vorbis format at 160 kbps for popular tracks, with less popular material re-encoded at lower bitrates to reduce storage requirements. The archive reportedly covers releases up to July 2025.
A Spotify spokesperson released a statement: “Spotify has identified and disabled the nefarious user accounts that engaged in unlawful scraping. We’ve implemented new safeguards for these types of anti-copyright attacks and are actively monitoring for suspicious behavior. Since day one, we have stood with the artist community against piracy, and we are actively working with our industry partners to protect creators and defend their rights.”
In a separate statement, Spotify said an internal investigation found that a “third party scraped public metadata and used illicit tactics to circumvent DRM protections to access some audio files.” The investigation is still ongoing.
Also Read: Users Can Now Command Spotify’s Algorithm With New ‘Prompted Playlists’
Yoav Zimmerman, CEO/co-founder at Third Chair, posted on LinkedIn, saying, “Anyone can now, in theory, create their own personal free version of Spotify (all music up to 2025) with enough storage and a personal media streaming server like Plex. The only real barriers are copyright law and fear of enforcement.”
This incident highlights the growing tension between digital preservation efforts and the commercialized streaming models of today’s music industry. Regardless of the outcome, it serves as a reminder that even the biggest tech platforms are not safe from emerging cyber threats.
