Spotify: Spotify data breach: 86 million audio files leaked online

**Spotify’s Entire Music Catalog Leaked by Pirate Activist Group**

A pirate activist collective, Anna’s Archive, extracted and released Spotify’s near-complete music catalog—approximately 300 terabytes of audio files and metadata—across peer-to-peer networks. The leak, documented on Thursday, includes 86 million audio files and 256 million rows of track metadata, representing 99.6% of all listening activity on the platform.

Spotify confirmed the breach, stating that a third party scraped public metadata and bypassed digital rights management (DRM) to access audio files. A spokesperson told Billboard that the company is actively investigating and mitigating the incident.

Anna’s Archive, known for preserving books and academic papers, framed the leak as a "preservation archive" for music, aligning with its mission to safeguard cultural knowledge. The dataset, which contains 186 million unique International Standard Recording Codes (ISRCs) covering 99.9% of Spotify’s 256 million tracks, is 37 times larger than MusicBrainz, the previous largest open-source music database.

The group prioritized files using Spotify’s own popularity metrics, capturing songs available through July 2025. Metadata is already available for download, while audio files are being distributed in stages, ranked by streaming popularity, to avoid overwhelming servers.

Yoav Zimmerman, CEO of Third Chair, noted that the leak could enable users to recreate a personal, free version of Spotify using media servers like Plex—with copyright law as the only major barrier. He also highlighted the implications for AI training, as the dataset could allow companies to scale music-based model development more easily.

The data is now circulating on peer-to-peer networks, with no way to fully contain its spread.

Source: https://dataconomy.com/2025/12/22/spotify-data-breach-86-million-audio-files-leaked-online/

Spotify cybersecurity rating report: https://www.rankiteo.com/company/spotify

"id": "SPO1766397392",
"linkid": "spotify",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Potentially all users (data '
                                              'represents 99.6% of listening '
                                              'activity)',
                        'industry': 'Music Streaming',
                        'name': 'Spotify',
                        'type': 'Company'}],
 'attack_vector': 'Scraping public metadata and circumventing DRM',
 'data_breach': {'data_exfiltration': 'Yes, via peer-to-peer networks',
                 'file_types_exposed': ['Audio files', 'Metadata (CSV/JSON)'],
                 'number_of_records_exposed': '86 million audio files, 256 '
                                              'million rows of metadata',
                 'personally_identifiable_information': 'No (focused on music '
                                                        'and metadata)',
                 'sensitivity_of_data': 'High (copyrighted music and user '
                                        'listening data)',
                 'type_of_data_compromised': ['Audio files', 'Track metadata']},
 'description': 'A pirate activist group extracted Spotify’s entire music '
                'catalog and released approximately 300 terabytes of audio '
                'files and metadata across peer-to-peer networks. The leak '
                'includes 86 million audio files and 256 million rows of track '
                'metadata, representing roughly 99.6 percent of all listening '
                'activity on the platform.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'unauthorized data access',
            'data_compromised': '300 terabytes of audio files and metadata',
            'legal_liabilities': 'Potential copyright infringement and '
                                 'regulatory violations',
            'operational_impact': 'Unauthorized access and data exfiltration',
            'systems_affected': 'Spotify’s music catalog and metadata '
                                'database'},
 'investigation_status': 'Ongoing',
 'motivation': 'Preservation of humanity’s knowledge and culture',
 'post_incident_analysis': {'root_causes': 'Combination of public metadata '
                                           'scraping and DRM circumvention'},
 'references': [{'source': 'Billboard'},
                {'source': 'Anna’s Archive'},
                {'source': 'Yoav Zimmerman (LinkedIn)'}],
 'regulatory_compliance': {'regulations_violated': ['Potential copyright law '
                                                    'violations']},
 'response': {'communication_strategy': 'Public statement via Billboard',
              'incident_response_plan_activated': 'Actively investigating and '
                                                  'mitigating the incident'},
 'threat_actor': 'Pirate activist group (Anna’s Archive)',
 'title': 'Spotify Music Catalog Leak by Pirate Activist Group',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Illicit tactics to bypass digital rights '
                            'management (DRM)'}