Spotify Music Library Hack Explained: Piracy Group Alleges 86 Million Track Scrape

A pirate activist collective has allegedly accessed and prepared to distribute significant portions of Spotify’s music catalogue, including extensive metadata and potentially audio files. The claims were published on Anna’s Archive, an open-source research and preservation platform.

According to the group, it scraped Spotify’s library at scale, capturing approximately 256 million rows of track metadata and as many as 86 million audio files. Spotify, meanwhile, has said it has disabled accounts involved in unlawful scraping and strengthened its safeguards.

Spotify data breach: What’s being claimed

In a post on Anna’s Archive, the group said it had created what it describes as the world’s first fully open “preservation archive” for music. The alleged dataset reportedly includes metadata for around 256 million tracks and roughly 86 million music files, amounting to just under 300TB of data. The group claims the archive covers approximately 99.6 percent of all listens on Spotify, prioritised using the platform’s popularity metrics.

The release is said to be distributed via bulk torrents, organised by popularity and rolled out in stages. As of Sunday, December 21, only the metadata had been made publicly available, with no audio files released yet. According to the post, the music files are expected to follow gradually, starting with the most popular tracks.

The group stated that the audio has largely been preserved in Spotify’s original OGG Vorbis format at 160kbps for popular tracks, while less popular recordings have been re-encoded at lower bitrates to reduce storage requirements. The archive is claimed to include releases up to July 2025.

Positioning the initiative as a cultural preservation project rather than an act of piracy, the group argued that music fits within Anna’s Archive’s broader mission of “preserving humanity’s knowledge and culture.” While the platform is best known for archiving books and academic papers, the post criticised existing music archives for over-representing mainstream artists, relying on storage-heavy formats, and lacking a single, comprehensive catalogue of recorded music.

If accurate, the scale of the dataset would far exceed existing open music databases. For comparison, MusicBrainz currently lists around five million unique tracks. Anna’s Archive claims its collection includes 186 million unique ISRCs (International Standard Recording Codes), potentially making it the largest publicly available music metadata database to date.

Spotify’s response

Spotify said it has taken swift action. “Spotify has identified and disabled the nefarious user accounts that engaged in unlawful scraping,” a company spokesperson said. “We’ve implemented new safeguards for these types of anti-copyright attacks and are actively monitoring for suspicious behaviour. Since day one, we have stood with the artist community against piracy, and we are actively working with our industry partners to protect creators and defend their rights.”

In a separate statement reported by Billboard, Spotify said an internal investigation found that a third party scraped publicly accessible metadata and used illicit methods to bypass DRM protections to access some audio files. The company added that the investigation is ongoing.

The incident underscores a growing tension between large-scale digital preservation initiatives and the commercial streaming ecosystem that underpins today’s music industry. As Yoav Zimmerman, CEO and co-founder of Third Chair, observed, “Anyone can now, in theory, create their own personal free version of Spotify , all music up to 2025  with enough storage and a personal media server like Plex. The only real barriers are copyright law and fear of enforcement.”