Why was Spotify hacked?

Jonathan Riggall

Dutch website Tweakers discovered a Google Chrome extension called Downloadify, which exploited a lack of encryption in Spotify's web app. It let premium users download an MP3 copy of any track. The extension was quickly taken off the Chrome Web Store, and Spotify has patched its web player to ensure Downloadify no longer works.

Downloadify was made by a Dutch developer, Robin Aldenhoven, who has been talking extensively about it on Twitter. He seems to have made the extension to expose how Spotify had not activated DRM on their Premium web player.

He tweeted on Tuesday that Spotify was not applying encryption everywhere, and that Spotify was failing in its responsibilities to artists and record companies. According to Aldenhoven, Spotify must have deliberately not turned on encryption for the web player. He is a fan of Spotify, and thinks ‘everyone should have it.’

The extension worked by exploiting a feature of Spotify Premium accounts that allows local storage of tracks as long as the account is active. While Spotify has reacted quickly to the exploit, it calls into question the feasibility of their premium account local storage. Hackers will keep finding ways around Spotify’s security, which could damage its reputation with the record labels to whom it pays royalties.

We reached out to Spotify for a response, and they say they have been working on a fix.

They also said, ‘Spotify was founded as a better, simpler, legal alternative to piracy. With Spotify, every single play results in revenue for artists and rights holders. Without them, there’s no music. We have driven over half a billion dollars to rightsholders since launch and expect to surpass $1bn by the end of 2013. In the first 3 years since Spotify launched in its native Sweden, piracy declined 25%, and we are seeing that trend replicated in markets where Spotify is active.’

It appears that with developers like Aldenhoven, Spotify has outside help in making sure it’s secure.
