Spotify is having a very bad, no good really rotten day. Someone hacked its entire music library.
Late Sunday, I noticed a few social media posts about a breach at Spotify. Tracing them back to the source, I found that a group of hackers was successful in scraping Spotify’s entire music library. If it was uploaded since 2007, it’s been scraped. Uh-oh.
Anna’s Blog details the entire thing–and the plans to make all this music freely available. About 15.43 million artists, 58.6 million albums, and roughly 300 terabytes are involved.
To be clear, as of the morning of Monday, December 22, only 256 million pieces of metadata have been scraped and released. This represents information on about 86 million songs.
This is bad. If this backup is real and made available, it essentially means anyone can set up their own streaming service using a service like Plex. Yes, they’d be breaking the law and infringing copyright, but who could enforce such a thing?
And lemme just throw this in there: Any release of songs–i.e. tracks where DRM has been circumvented–means these tracks could be used to train some sort of generative AI music program.
Anna’s Blog also includes some fascinating statistics about what gets played on Spotify.
- The genre with the most performers on Spotify is Electronic/Dance (520,075). Rock is second (370,179), followed by World/Traditional (202,529), and Latin (189,438). Hip-hop/rap is down in fifth place (166,515).
- The majority of song lengths peak at two minutes long, followed by three minutes, and then four minutes.
- They discovered that 221,448,796 songs in the library are considered to be “clean” when it comes to lyrics vs. 34,590,314 songs labeled “explicit.”
- The most popular key for songs is C major followed by G major.
- One chart shows the massive increase in the number of albums released each year since 1970. It goes from 142,104 global releases to beyond 11 million in 2023.
- There is a distressing number of songs with the same ID number (ISRC). This is bad metadata.
The group–whoever they are–claim to have “backed up Spotify” outside the company’s servers. “We saw a role for us here to build a music archive primarily aimed at preservation.”
Spotify has acknowledged the hack and is…working on it, I guess. Here’s their statement: “An investigation into unauthorized access identified that a third party scraped public metadata and used illicit tactics to circumvent DRM to access some of the platform’s audio files. We are actively investigating the incident.”
UPDATE: From a Spotify spokesperson: “Spotify has identified and disabled the nefarious user accounts that engaged in unlawful scraping. We’ve implemented new safeguards for these types of anti-copyright attacks and are actively monitoring for suspicious behavior. Since day one, we have stood with the artist community against piracy, and we are actively working with our industry partners to protect creators and defend their rights.”
And before you even think of cheering this on, this breach will not just affect Spotify and all the licensed streaming services. It will impact the income and livelihood of artists, people who work at record labels, and everything associated with the recorded music industry.
Oh, and that’s not the only database hack in the news. Yes, it was P*rnHub. Happy Monday.

