Spotify has disabled user accounts after an open-source shadow library published files containing tens of millions of songs scraped from the streaming platform, confirming unauthorized access to its music library but saying no private user data was exposed.
Scraping Activity And Account Shutdowns
Spotify said it identified and shut down user accounts involved in unlawful scraping after an open-source group released a large database of audio files and metadata taken from the platform. The company confirmed that a third party bypassed digital rights management protections to extract audio files.
A Spotify spokesperson told Euronews Next that the company disabled the accounts responsible and introduced additional safeguards to counter what it described as anti-copyright attacks. Spotify said it is continuing to monitor for suspicious activity.
Role Of Anna’s Archive
The group behind the release is Anna’s Archive, an online shadow-library search engine and archival project that indexes and links to pirated media. Anna’s Archive aggregates content from multiple shadow libraries, including Z-Library, LibGen, and Sci-Hub.
The project launched in 2022, shortly after law enforcement actions targeted Z-Library. It is operated by a pseudonymous figure known as “Anna” or “Anna Archivist.”
Anna’s Archive said it discovered a method to extract Spotify files and released a dataset containing metadata for 256 million tracks and audio files for 86 million songs. The group said the collection represents about 99.6% of listens on the platform.
Scope Of The Released Files
According to Anna’s Archive, the scraped material includes songs uploaded to Spotify between 2007 and 2025. In a blog post, the group described the release as a music “preservation archive” that is fully open and can be mirrored by anyone with sufficient storage capacity.
Spotify did not disclose the size of the data involved. However, hacktivists associated with the release claimed that nearly 300 terabytes of data were scraped and distributed via torrents.
Company Response And Data Impact
Spotify confirmed unauthorized access to its library but said no non-public user data was compromised. The company said the only user-related information involved was public playlist data.
The streaming service said it has implemented new technical measures following the incident. It did not comment on the legality of the released files but emphasized that replicating or redistributing Spotify’s catalog would likely face legal challenges from rights holders.
Featured image credits: Wikimedia Commons
For more stories like it, click the +Follow button at the top of this page to follow us.