Spotify, one of the most used music streaming services in the world, has confirmed that it is investigating unauthorized access to its platform that has resulted in the extraction of an enormous amount of data, including public metadata and access to some audio files. The incident has been reported by a group calling itself Anna's Archive, which claims to have downloaded “approximately 99.6%” of the most listened-to content on the platform, representing tens of millions of tracks and metadata.

Although Spotify has not yet confirmed the exact magnitude of the access, the company has admitted that it will continue to investigate the incident and has taken initial steps such as deactivating accounts related to automated data extraction.

What has happened?

The collective Anna's Archive, known for its activity in the decentralized archiving of digital content, published that it has managed to collect metadata from 256 million tracks together with 86 million audio files, a volume that represents approximately 99.6% of the content that users play on Spotify. According to the organization, this collection was carried out using automated techniques (scraping), and it now plans to distribute that data through P2P networks and torrents, a step that has set off alarm bells in the music and copyright industry.

Spotify, for its part, has acknowledged unauthorized access and has indicated that some responsible accounts have been deactivated while defenses are reinforced to prevent similar incidents in the future.

What data would have been compromised?

Although Spotify insists that there is no evidence that private user data, such as passwords or financial information, has been exposed, it has been confirmed that public metadata and audio files were accessed from a significant part of its digital library.

Metadata includes essential information such as song titles, artist names or albums, which are used both in the operation of the platform and in the organization of the catalog. Record labels, artists and rights managers are concerned about the possible dissemination of this material, since it represents a high-volume copy of protected content.

Who is behind it and what are they looking for?

The collective Anna's Archive, a non-profit organization that has traditionally focused on archiving books and other digital resources, affirms that its goal is to create an open musical archive for cultural preservation. However, this justification clashes with copyright laws and with the terms of service of platforms such as Spotify.

The initiative has generated debate within the industry: some experts see it as an attempt to preserve digital art that could be lost over time, while others warn of the negative impact that mass and illegal distribution can have on both creators and distributors.

Implications for the digital and music industry

This incident raises several important points for reflection:

  • Content protection on global platforms: strengthen DRM mechanisms and access controls to prevent mass scraping.
  • Balance between preservation and copyright: how to legitimately manage the conservation of musical culture without infringing rights.
  • Risks associated with automated extraction techniques: automation can undermine the balance between access and protection.

Although unauthorized access has not compromised private user data, the scale of the incident — about 300 TB of data — and its possible distribution highlight the tension between open culture and intellectual property in the modern digital environment.

Close the door to invisible accesses

At Apolo Cybersecurity, we support digital organizations in protecting their most valuable assets, beyond user credentials. Our approach combines technology, processes and awareness to reduce exposure to unauthorized access and automated abuse.

We help you analyze and reinforce access controls to critical content, to design specific defenses against scraping and automation techniques, and to prepare your teams to detect and respond to increasingly sophisticated intrusions. In addition, we review the protection of sensitive data, metadata and digital rights to ensure that your platform maintains its integrity, value and the trust of users and partners.
