Pierluigi Paganini
December 26, 2025

Spotify disabled user accounts after an open-source group published files containing 86 million songs scraped from the platform. The group, Anna’s Archive, said it found a method to extract Spotify files and released a database of tracks and metadata. Spotify confirmed it identified and shut down accounts involved in the unlawful scraping activity.
Anna’s Archive is an online shadow-library search engine and archival project that indexes and links to pirated copies of books, papers, and other media from multiple “shadow libraries” such as Z‑Library, LibGen, and Sci‑Hub. It was launched in 2022 by a pseudonymous operator known as “Anna” (or “Anna Archivist”) shortly after law-enforcement actions against Z‑Library.
Anna’s Archive released metadata for 256 million tracks and 86 million audio files, representing around 99.6 percent of listens.
The files relate to songs that were put on the platform between 2007 and 2025.
“It’s the world’s first ‘preservation archive’ for music which is fully open (meaning it can easily be mirrored by anyone with enough disk space),” the group’s blog post stated.
The company confirmed unauthorized access to its library, saying a third party bypassed DRM to scrape audio files.
“Spotify has identified and disabled the nefarious user accounts that engaged in unlawful scraping. We’ve implemented new safeguards for these types of anti-copyright attacks and are actively monitoring for suspicious behaviour,” the spokesperson told Euronews Next.
The company announced the implementation of additional safeguards and said that, aside from public playlist information, no user data was compromised; no non-public user data was affected.
The streaming platform did not disclose the volume of the scraped data, but hacktivists claimed nearly 300TB was scraped and shared via torrents. Anna’s Archive said the scrape aimed to create a music “preservation archive,” though any attempt to replicate Spotify would likely trigger serious legal action from rights holders.