Spotify closes loophole after Chrome extension served up free downloads

Spotify has moved quickly to plug a security hole in its web player that had briefly allowed users to download tracks for free.

An extension to the Google Chrome browser called Downloadify had exploited a Spotify vulnerability which enabled each of the 20 million songs available through the service to be stored to the user’s computer.

The extension took advantage of Spotify’s Premium service, which lets paid-up members download a certain number of tracks to play offline. It appears those tracks are completely DRM-free.

Potentially those with a keen eye for music piracy may have used the service to amass a gigantic free music library on Spotify’s dime.

Upon hearing about the issue, Google quickly deleted the Downloadify extension (although it’s still available through websites like GitHub).

Spotify has confirmed the issue has been fixed, although it is yet to make an official statement on the subject.

Downloadify was created by Dutch developer Robin Aldenhoven, who revealed the extension yesterday, claiming Spotify “forgot to encrypt their music.”

In a series of tweets, he criticised Spotify for sending DRM-free tracks out to users and claimed the company had “broken their commitment” to artists for doing “so little to protect their library.”

Earlier today he added: “Seems like @Spotify fixed the player 🙂 the extension doesn’t work anymore. Still no official response….”

He said that Spotify fixed the problem in an “acceptable way” and claimed he didn’t wish to harm the company by seeking to further develop the Downloadify tool.

“And Spotify = Awesome… So I don’t want to damage them. Just pay for the music (it’s almost free),” he tweeted.

Judging by his comments, it appears the developer was attempting to be helpful in pointing out Spotify’s weakness, but we’re not sure the Swedish streaming giant will feel the same way.
