With more than 24 million registered users, Spotify is clearly the number one music streaming service out there. Their security system, however, proved to be vulnerable to a Google Chrome extension called “Downloadify”, which allowed users to download songs for free.
Although Google had the extension removed from their “extensions list”, Downloadify was still available on other websites. Contacted by the BBC, the music streaming service confirmed that the vulnerability had been fixed, and everything is ok.
For those of you who are curious enough to ask “who came up with the idea of such an extension?”, we provide with the answer. It was a Dutch developer called Robin Aldenhoven who tweeted that:
“I could not believe it myself that they did so little to protect their library,” he said.
Despite his finding, the developer later tweeted that he has no intention of compromising the service.
“Spotify = awesome… so I don’t want to damage them,” he wrote.
Spotify, however, is not the only one that’s been a subject to such exploits. YouTube, for example, has the same problem. There are plenty of services out there which allow anyone to download and/or turn YouTube videos into mp3s.
“You are committing an infringement,” Sheena Sheikh (a solicitor from intellectual property specialists Briffa) told the BBC.
“You’re not authorised to download the songs. You don’t have permission,” she continued.
It is still unknown, and will probably remain as such, how much damage Downloadify did.