Spotify is investigating a suspected data breach after a pirate activist group claimed it scraped the platform’s music library. The streaming giant confirmed on Monday that a third party accessed parts of its catalogue without authorisation.
The claim was published on Anna’s Archive, an open source search engine known for hosting shadow libraries. The group said it backed up Spotify’s catalogue and released metadata for around 256 million tracks online.
It also claimed access to 86 million audio files, covering almost all listening activity on the platform. According to the post, the data spans music uploaded between 2007 and 2025.
Anna’s Archive described the release as the world’s first open preservation archive for music. Spotify acknowledged the scraping and said illicit tactics were used to bypass digital rights management protections.
A company spokesperson said the responsible user accounts were identified and disabled. Spotify added that new safeguards were introduced to prevent further anti copyright attacks.
The company said it is actively monitoring the situation for suspicious behaviour. Spotify stressed there is no evidence that private user information was compromised.
Only public playlists created by users may be included in the scraped data.
Hackers claimed the total data size was just under 300 terabytes. They said the files would be shared through peer to peer torrent networks.
Anna’s Archive said its mission is preserving humanity’s knowledge and culture. Until now, the platform focused mainly on books and written material.
Experts warn the data could be attractive to artificial intelligence companies. Such data could help train AI models on modern music at scale.
Spotify said it is working with industry partners to protect artists’ rights. The company said it has opposed piracy since its launch.
