The Swedish music platform Spotify was the target of a large-scale computer attack that compromised almost its entire catalog, the company confirmed this Tuesday, December 23.
Spotify reported that a preliminary investigation concluded that third parties obtained unauthorized access to public metadata and used “illegal tactics” to bypass digital rights management (DRM) systems, allowing access to part of the platform’s audio files.
The company added that the attack occurred on Monday and that technical teams continue to investigate the extent of the incident and its impacts.
Meanwhile, the hacker group Anna’s Archives claimed responsibility for the attack, claiming to have stolen around 86 million music files, which would correspond to approximately 99.6% of Spotify’s total catalogue.
According to the activists, the objective of the operation was “to build a musical archive mainly for preservation purposes”.
Spotify did not confirm the numbers put forward by the group nor did it clarify whether user data was affected by the attack.