Spotify rushes to fix free download vulnerability

Spotify logo Many sites are susceptible to "ripping" of their content

Related Stories

Music streaming site Spotify has rushed to fix a security hole that allowed users free song downloads.

Downloadify, an extension to Google's Chrome browser, enabled users to download MP3 files by exploiting a vulnerability in Spotify's web player.

Google removed the extension, but Downloadify was still available via other websites.

Spotify has confirmed to the BBC that the issue has now been fixed.

Downloadify was created by Dutch developer Robin Aldenhoven. On Twitter, he noted that music stored online by Spotify was not encrypted.

"I could not believe it myself that they did so little to protect their library," he wrote, later adding: "Spotify = awesome... so I don't want to damage them."


Other web streaming services are susceptible to similar exploits. Various services allow for the downloading, knowing as "ripping", of content from sites such as YouTube.

Such actions are illegal and against the sites' terms of service.

Sheena Sheikh, a solicitor from intellectual property specialists Briffa, told the BBC that the law is straightforward on such downloading activity.

"You are committing an infringement," she said.

"You're not authorised to download the songs. You don't have permission."

Spotify is the world's most popular music streaming service. Recent figures from the company said the service has 24 million active users, of whom six million pay a monthly fee for added features.

More on This Story

Related Stories

More Technology stories



BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.