Spotify has taken action against a hacker collective after uncovering a major breach involving the unauthorised extraction of internal music-related data, underscoring growing cybersecurity challenges for global digital platforms. The company has clarified that no user passwords, payment details, or private account information were compromised in the incident.
The allegations surfaced through a blog post by Anna’s Archive, an open-source search platform best known for cataloguing so-called “shadow libraries.” The group claimed it had copied Spotify’s music catalogue and published metadata linked to nearly 256 million tracks and around 86 million audio files, spanning content uploaded between 2007 and 2025. According to the post, the dataset reflects roughly 99.6% of all listening activity on Spotify.
Positioning the release as the world’s first open “music
preservation archive,” Anna’s Archive said the collection could be replicated
by anyone with sufficient storage capacity. The group stated that the data
package, estimated at just under 300 terabytes, would be shared via
peer-to-peer distribution networks.
In response, Spotify acknowledged that unauthorised scraping
had taken place, explaining that the third party used illegal techniques to
bypass digital rights management (DRM) protections and gain access to certain
audio files. The company said it has since disabled the accounts involved and
rolled out additional technical safeguards to prevent similar incidents.
Spotify emphasised that no confidential user data was
exposed, noting that the only user-related information accessed was limited to
publicly visible playlists. The company declined to confirm the exact scale of
the data obtained.
Beyond piracy concerns, the incident has sparked debate about the potential use of such large datasets for training artificial intelligence models. Yoav Zimmerman, CEO of intellectual property protection firm Third Chair, warned that access to music collections of this scale could significantly reduce barriers for AI developers seeking to train models on modern music, even as copyright laws continue to pose legal risks.
Previously focused on archiving books and academic material,
Anna’s Archive said the Spotify data marked an expansion into music
preservation. The group acknowledged that Spotify does not host the entirety of
the world’s recorded music but described the archive as an initial foundation.
Spotify reiterated its commitment to protecting artists and
rights holders, stressing its long-standing stance against piracy. “From the
very beginning, we have supported the creative community,” the company said.
While any effort to replicate or redistribute Spotify’s catalogue would almost certainly invite swift legal action, the episode highlights the escalating threat of large-scale data scraping and the mounting pressure on digital platforms to safeguard intellectual property in the era of AI-driven technologies.
BY: Nirosha Gupta
No comments:
Post a Comment