At long last, Spotify has launched the web-based interface it introduced last year. Unfortunately, it left a gaping security vulnerability that leaves the songs wide-open to download with a simple Chrome extension. (Update below)

I just downloaded a brand new record by a very popular recording artist in less than 10 seconds using this extension. This is definitely illegal. And who knows what else the illegal software is downloading to your computer. Do with this knowledge what you will. YOU HAVE BEEN WARNED.


According to the developer of Downloadify, Spotify neglected to encrypt the MP3s coming across the web to your browser to your ears. They even suggest a potential fix for the problem. Until the problem is fixed, Downloadify will let you pull down an MP3 of any track just by double-clicking it. We've just now emailed Spotify for comment, and we wouldn't expect the vulnerability to last too much longer. Ouchie for Spotify. [Tweakers via The Verge]

Update 1

It appears Downloadify has been pulled from the the Chrome store. If it's already installed on your computer (or you can find another way to get it) it still works.

Update 2

Here's a very special message from the man supposedly behind Downloadify:


Share This Story

Get our newsletter