Spotify rushes to fix free download vulnerability

  • Published
Spotify logo
Image caption,
Many sites are susceptible to "ripping" of their content

Music streaming site Spotify has rushed to fix a security hole that allowed users free song downloads.

Downloadify, an extension to Google's Chrome browser, enabled users to download MP3 files by exploiting a vulnerability in Spotify's web player.

Google removed the extension, but Downloadify was still available via other websites.

Spotify has confirmed to the BBC that the issue has now been fixed.

Downloadify was created by Dutch developer Robin Aldenhoven. On Twitter, he noted that music stored online by Spotify was not encrypted.

"I could not believe it myself that they did so little to protect their library," he wrote, later adding: "Spotify = awesome... so I don't want to damage them."

Infringement

Other web streaming services are susceptible to similar exploits. Various services allow for the downloading, knowing as "ripping", of content from sites such as YouTube.

Such actions are illegal and against the sites' terms of service.

Sheena Sheikh, a solicitor from intellectual property specialists Briffa, told the BBC that the law is straightforward on such downloading activity.

"You are committing an infringement," she said.

"You're not authorised to download the songs. You don't have permission."

Spotify is the world's most popular music streaming service. Recent figures from the company said the service has 24 million active users, of whom six million pay a monthly fee for added features.