{“lastseen”:”2025-12-23T14:05:12″,”description”:”Hacktivist group Anna\u2019s Archive claims to have scraped almost all of Spotify\u2019s catalog and is now seeding it via BitTorrent, effectively turning a streaming platform into a roughly 300 TB pirate \u201cpreservation archive.\u201d\\n\\nOn its blog, the group states:\\n\\n\\u003e \u201cA while ago, we discovered a way to scrape Spotify at scale. We saw a role for us here to build a music archive primarily aimed at preservation.\u201d\\n\\nSpotify insists that the hacktivists obtained no user data. Still, the incident highlights how large\u2011scale scraping, digital rights management (DRM) circumvention, and weak abuse controls can turn major content platforms into high\u2011value targets.\\n\\nAnna\u2019s Archive claims it obtained metadata for around 256 million tracks and audio files for roughly 86 million songs, totaling close to 300 TB. Reportedly, this represents about 99.9% of Spotify\u2019s catalog and roughly 99.6% of all streams.\\n\\nSpotify says it has \u201cidentified and disabled the nefarious user accounts that engaged in unlawful scraping\u201d and implemented new safeguards.\\n\\nFrom a security perspective, this incident is a textbook example of how scraping can escalate beyond \u201cjust metadata\u201d into industrial\u2011scale content theft. By combining public APIs, token abuse, rate\u2011limit evasion, and DRM bypass techniques, attackers can extract protected content at scale. If you can create or compromise enough accounts and make them appear legitimate, you can chip away at content protections over time.\\n\\nThe \u201cSpotify scrape\u201d will likely be framed as a copyright story. But from a security angle, it serves as a reminder: if a platform exposes content or metadata at scale, someone will eventually automate access to it, weaponize it, and redistribute it.\\n\\nAnd hiding behind violations of terms and conditions\u2014which have never stopped criminals\u2014is not effective security control.\\n\\n## How does this affect you?\\n\\nThere is currently no indication that passwords, payment details, or private playlists were exposed. This incident is purely about content and metadata, not user databases. That said, scammers may still claim otherwise. Be cautious of messages alleging your account data was compromised and asking for your login details.\\n\\nSome general Spotify security tips, to be on the safe side:\\n\\n * If you have reused your Spotify password elsewhere or shared your credentials, consider changing your password for peace of mind.\\n * Regularly review active sessions on streaming services and revoke anything you do not recognize. Spotify does not offer per-device session management, but you can sign out of all devices via **Account \\u003e Settings and privacy** on the Spotify website.\\n * Avoid unofficial downloaders, converters, or \u201cSpotify mods\u201d that ask for your login or broad OAuth permissions. These tools often rely on the same kind of scraping infrastructure\u2014or worse, function as credential-stealing malware.\\n\\n\\n\\n* * *\\n\\n**We don ‘t just report on threats – we help protect your social media**\\n\\nCybersecurity risks should never spread beyond a headline. Protect your social media accounts by using Malwarebytes Identity Theft Protection.”,”published”:”2025-12-23T12:28:20″,”modified”:”2025-12-23T12:28:20″,”type”:”malwarebytes”,”title”:”Hacktivists claim near-total Spotify music scrape”,”source”:””,”references”:””,”id”:”MALWAREBYTES:03643C233C175C5A7C5DEBC5CD043A49″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2025\/12\/hacktivists-claim-near-total-spotify-music-scrape”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-12-23T14:05:12″,”description”:”Hacktivist group Anna\u2019s Archive claims to have scraped almost all of Spotify\u2019s catalog and is now seeding it via BitTorrent, effectively turning a streaming platform…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,115,13,33,7,11,5],"class_list":["post-32533","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n