From Music Lover to Cybercriminal: Inside the Cloud Heist That Targeted Coldplay and More

January 16, 2025 | Cybersecurity

By Ashwani Mishra, Editor-Technology, 63SATS

In a storyline fit for a blockbuster, 22-year-old Skylar Dalziel didn’t just steal the spotlight—she stole the music.

A British cybercriminal with a knack for digital mischief, Dalziel infiltrated the vibrant, multimillion-dollar world of music, not with talent or melodies, but with cunning and code.

Targeting the creative vaults of global superstars like Coldplay and Shawn Mendes, she turned the cloud—a sanctuary for artistic dreams—into her personal treasure chest. But as her dark web dealings crescendoed, so too did the inevitable fallout.

Platforms like Spotify for Artists, SoundCloud, and YouTube have democratized music, allowing creators to reach global audiences in seconds. But as the $18.45 billion cloud music services market surges to a projected $20.88 billion by 2025, it’s also becoming a playground for cybercriminals.

Dalziel’s crime spree unfolded like a digital thriller, targeting unreleased tracks from the world’s biggest stars—Coldplay, Shawn Mendes, and Bebe Rexha among them.

Her weapon? Illicit access to cloud storage accounts housing these artists’ creative treasures.

Her reward? An estimated ÂŁ42,000 in dark web sales and, eventually, a 21-month prison sentence.

Shawn 63 Sats Cybersecurity India

Image: Canadian singer-song writer Shawn Mendes

The Breach

The thefts came to light in June 2021, when Sony Music Entertainment flagged suspicious activity in a cloud storage account linked to Upsahl, an emerging artist.

What investigators found was astonishing: Dalziel had systematically hacked into accounts, amassing a treasure trove of 291,941 unreleased songs. Among them were highly anticipated tracks from Coldplay and other global icons.

The stolen tracks weren’t just sitting idle. Dalziel ran an underground marketplace, selling these unreleased songs to buyers on the dark web. Her meticulousness extended to maintaining a spreadsheet tracking her sales, which investigators later matched with PayPal and bank records. It wasn’t just music she was selling; it was the dreams, careers, and intellectual property of countless creators.

IMG 4188 63 Sats Cybersecurity India

Image : UPSAHL, American Singer and Song Writer

The Impact

Dalziel’s actions rippled across the music industry. Richard Partridge from the Crown Prosecution Service condemned her crimes, highlighting the impact on record companies, artists, and their support teams. “Her selfish use of stolen music” not only hurt the individuals involved but also contributed to the estimated 80,000 job losses annually linked to intellectual property theft, according to City of London Police.

Even more chilling, Dalziel was not acting alone. Investigators believe she collaborated with overseas accomplices, a subplot that adds another layer to this already complex cybercrime narrative. As Det. Con. Daryl Fryatt put it, “We have the tools and ability to track down cybercriminals and bring them to justice. This case sends a clear message.”

The Fallout

In January 2025, Dalziel stood before the Luton Crown Court to face the music. Pleading guilty to nine copyright offenses and four computer misuse offenses, she was sentenced to 21 months in prison, suspended for 24 months, and ordered to complete 180 hours of unpaid work. Additionally, her digital operations were dismantled, with investigators seizing computer hard drives containing evidence of her crimes.

The financial gains Dalziel transferred to U.S. bank accounts were another element of her sophisticated operation. While the legal system caught up with her, the artists and industry she harmed are left to pick up the pieces, both creatively and financially.

A Larger Stage

This case shines a spotlight on the vulnerabilities of the booming cloud music services market. As platforms like Spotify and YouTube revolutionize music distribution, the security of these systems becomes paramount. The industry, worth billions, must now grapple with protecting artists from cyber threats while fostering innovation and accessibility.

Meanwhile, artists like Coldplay continue to rise above these challenges, with their highly anticipated concerts scheduled for January 18, 19, and 21 at DY Patil Stadium in Navi Mumbai.

As the music industry marches forward, balancing innovation with security will be its greatest challenge.

Dalziel’s bid to compose her own symphony of cybercrime hit a discordant note. The courtroom’s verdict was clear and decisive: in the clash between theft and artistry, justice struck the final chord.