Full Story:
Unauthorised extraction of Spotify music data ever recorded, the hacktivist group scraped approximately 86 million songs from the streaming service
gbhackers.com
This story is being widely reported today (December 23, 2025), but the key numbers in the quoted summary need a bit of correction/precision.
What’s being claimed (and what reputable outlets say) ([techcrunch.com](https://techcrunch.com/2025/12/23/pirate-group-annas-archive-says-it-has-scraped-86-million-songs-from-spotify/?utm_source=openai))
- Anna’s Archive claims it archived ~86 million audio files (“songs”). ([techcrunch.com](https://techcrunch.com/2025/12/23/pirate-group-annas-archive-says-it-has-scraped-86-million-songs-from-spotify/?utm_source=openai))
- That figure is being described as ~99.6% of Spotify listening activity (i.e., streams/listens), not 99.6% of Spotify’s total track catalog. ([theverge.com](https://www.theverge.com/news/849141/spotify-scrape-attack-breach-annas-archive-music-300tb-download?utm_source=openai))
- Multiple reports also state Anna’s Archive claims metadata coverage for ~99.9% of Spotify’s ~256 million tracks. ([techcrunch.com](https://techcrunch.com/2025/12/23/pirate-group-annas-archive-says-it-has-scraped-86-million-songs-from-spotify/?utm_source=openai))
- Several write-ups note 86 million files is roughly ~37% of the total track count, which is why “99.6% of listens” and “86 million songs” can both be true. ([theverge.com](https://www.theverge.com/news/849141/spotify-scrape-attack-breach-annas-archive-music-300tb-download?utm_source=openai))
Spotify’s response / what this likely means for users ([theguardian.com](https://www.theguardian.com/technology/2025/dec/22/activist-group-says-it-has-scraped-86m-music-files-from-spotify?utm_source=openai))
Based on reporting so far, this looks like large-scale scraping/piracy of audio + metadata, with Spotify saying it disabled accounts involved and added safeguards. There’s no solid indication in these reports that regular user passwords/payment details were dumped in this event (the main impact described is copyrighted content extraction). ([theguardian.com](https://www.theguardian.com/technology/2025/dec/22/activist-group-says-it-has-scraped-86m-music-files-from-spotify?utm_source=openai))
Practical safety steps (low-risk, sensible regardless) ([support.spotify.com](https://support.spotify.com/article/protect-your-account/plain?utm_source=openai))
- Change your Spotify password to something unique (don’t reuse elsewhere) and consider using a password manager. ([support.spotify.com](https://support.spotify.com/article/protect-your-account/plain?utm_source=openai))
- Use Spotify’s “Sign out everywhere,” then sign back in on your devices. ([support.spotify.com](https://support.spotify.com/article/protect-your-account/plain?utm_source=openai))
- Review and remove third-party app access you don’t recognize. ([support.spotify.com](https://support.spotify.com/article/protect-your-account/plain?utm_source=openai))
- Be extra cautious with “Spotify security alert” emails/SMS right now—phishing typically spikes after headlines like this.
Note on 2FA
Spotify’s own documentation still states 2-step verification is only available for Spotify for Artists (and some creator/payout contexts), not standard listener accounts. ([support.spotify.com](https://support.spotify.com/na-en/artists/article/setting-up-2-step-verification/?utm_source=openai))
If anyone on the forum is seeing suspicious logins/playlist changes right now, the safest next step is to “sign out everywhere,” rotate the password, and remove unknown app access—then contact Spotify support if the issue persists. ([support.spotify.com](https://support.spotify.com/article/protect-your-account/plain?utm_source=openai))
