Published on

Leaked Music - and The Faces Behind It

  • avatar
    n0 Sec

What is leaked music?

Back in the early 2000s, music being leaked held a completely different meaning. Leaked music was just mp3s of music that was not authorized to be shared for free by the artist, however the music was publicly sold by the artist. However, nowadays, these services are nearly obsolete due to streaming services like YouTube, Spotify, and Apple Music all centralizing music for cheap and many cases for free. Nowadays, fraudsters have new musically motivated goals, fraudsters attempt to obtain popular artist's music before the official release date of the song. This is done in a plethora of ways that will be introduced in this article. While this may initially seem like a crime of passion, of innocent fans going to dark means to listen to their favorite artist, many times fraudsters do this for monetary gain, with intent to sell the leaked music to fans of the artist for thousands of dollars.

Where do they talk about leaked music?

For many people, this may be a scene you've never heard of. It seems so unlikely that people would pay money, ranging to the thousands of dollars, to hear music before it comes out, but that's the truth. Frequently the buyers are fraudsters or young children obviously, but the market nonetheless exist. The most popular leaked music forum is, a recreation of the closed forum Leakthis was owned by a person who goes by Hyl (Hide Your Lies), who closed down the forum for unknown reasons, and Leakedcx is a nearly identical duplicate of the site under different management, with a very similar userbase. The websites act as marketplaces for leaked music and discussion of leaked music of all genres. Frequently, on sites like, discussions of the sales of leaked music on the actual vendor sites such as MusicMafia transpires amongst on-site sale of music. Now that many of the music marketplaces such as TheSource & MuscMafia are shut down, is increasingly popular to conduct sales of leaked music.
Music Mafia Reddit Post
Music Mafia Old Site

Terminology / Types of Leaks

As I previously defined, a leak is a song that an artist made that hasn't been released to the public yet.

A snippet is a short page of an unreleased song, sometimes used by the actual artist to build hype regarding a song, in other cases a short part of a song released by a leaker to give potential buyers a showcase.

LQ/HQ/CDQ - LQ is low quality audio, normally low bitrate, meanwhile HQ is higher audio quality, and CDQ is nearly the best possible quality. Bitrate is the unit used to measure audio quality; in most cases a higher bitrate translates to higher quality audio.

A reference is the basis for a beat when a song's mixing is inspired by another song's mixing typically.

Groupbuys are a group of people that fundraise money for a certain song, with the goal of buying the song from the person selling it. In some cases, songs are bought by individual buyers.

The last of our terms is demo, which is an incomplete song to demonstrate the music to studios or publishers, they are more so frameworks than complete products but still hold value.

Grails are highly desirable songs, they are considered 'top tier' and are highly wanted amongst the community typically. Many people labeling a snippet as a grail normally drives the price up of the leak.

Where is leaked music obtained?

Leaked music is obtained in an abundance of methods, but they are typically similar. The first step of obtaining unreleased music is targeting a producer or artist who the fraudster believes may have access to artist's unreleased music. It is not uncommon for many people in an artist's team to have access to an artist's music, such as an artist's producer, editor, writer, etc., it just takes one to have a vulnerable security. A security vulnerability can be found via basic OSINT methods, the easiest vulnerability for a fraudster to uncover is leaked passwords associated with the email of an artist. These can be found via database search engines such as Intelx and Dehashed, however, many artist won't reuse the same passwords on multiple service so this method is typically rendered ineffective. The follow-up to this method is the SIM swap method, where the fraudster attempts to use OSINT tools to locate an artist's number attached to their file sharing services or email (which they can use to reset passwords to file sharing services), which they can then conduct a Sim swap attack on to gain access. The accounts targeted for these fraudsters are typically musically related, however idealistically, the fraudsters manage to access the artist's email as that has the most potential. Artist also sometimes email songs to other artist, which fraudsters if they were to compromise the email, could intercept and sell.

Finding and Buying

It is not hard to find leaked music, the community of leaked music is considerably organized. This Google Spreadsheets has every artist you can think of, accompanied with a link to their leaked discography. Many artist have hundreds of leaked songs available on those trackers and it takes no technical expertise to use or locate the leaked music from the spreadsheet (making it easier for fraudsters and non-fraudsters alike to find leaked music). It goes without being said that any music that is publicly leaked on the forums or is on the tracker spreadsheets holds no market value, only unleaked and unreleased music holds market value amongst the members of the leak community.

As for buying leaked music, it is mainly done through word of mouth. On to see marketplace post, a user must post on the forums 25 times, so only a small portion of users directly see what's on the leaked music market. However, there is plenty of off-site sales, such as Discord groupchats targeted towards specific rapper's audience, such as Juice WRLD's 'JuiceHub' and Travis Scott's 'Travis Scott Hub', where groupbuys are typically discussed and managed. These groupbuys can range up to the tens of thousands of dollars, the highest valued leaks I've observed are the Juice WRLD leaks, which have ranged to the tens of thousands of dollars.

Sales of leaked music.

Notable leakers

In the leaked community, there are some known names across all the members due to their sheer popularity. The most popular member I found in my research was Googly, who is now widely looked down upon due to scamming accusations. It is said that Googly would sell and leak parts of songs, meanwhile he claimed that he was leaking the entire song. When these lies were uncovered, people lost trust in Googly and he has become a joke of the community. He was particularly popular for Juice WRLD related leaks and has since retired. He is known to have sold an estimated over $50,000 of Juice WRLD leaks.

Spirdark was also a popular leaker, the earliest traces I could find of Spirdark selling leaks are in 2017. It appears Spirdark had at least some involvement with the Music Mafia selling collective and a member of the The Source market. He disappeared but unlike Googly disappeared with a reputable status.

Privatefriend was another leaker popular around the same time of Spirdark and like Spirdark disappeared from the leak community. He, like Spirdark, was a seller on Music Mafia, and had a good image in the community. However, while he had a popular public image, it is said that he is banned from the leaking community

Sodacup is a currently active user who is known to have a plethora of leaks for sale currently. He has artists of all genre ranges from my inspection of his forum activity and appears to be viewed as legitimate amongst the forums. He appears to have over $20,000 in music assets at minimum according to his thread's appraisal of his private music inventory. Keep in mind however, if the artist releases the song before the leaker sells it, the file loses all value (as its now public).

A pattern I noticed in my investigation is that the community of leakers actively tries to attribute new song vendors to old popular aliases such as Privatefriend and Spirdark. This is common amongst fraud communities, it tends to happen because fraudsters will gain bad blood in the community or feel like their operational security is compromised, so they will go ghost and come back again under a new unknown alias to restore their security. However, I found no definitive proof of any overlap between identities in my investigation (not to say that it isn't present).


The leaked market is one of the large, profitable markets that rely on database search tools and SIM swapping. The market can be complex, however, on the surface it is not too damaging. The victim of leaks appears to be the artist and their music label, who lose the potential profit that the leaked music could have brought in, additionally any money spent on the creation of the music (such as studio time, production cost, etc). The leakers themselves typically intend to make money, however, the group buyers and the listeners tend to just be massive fans with no harmful intentions.