For a few hours yesterday, a Chrome extension, available through the Google Web Store, allowed people to exploit an encryption failure within Spotify's web player. But this wasn't just any other mistake: the extension, Downloadify, broke open the gates and allowed Spotify customers to download any song off of Spotify's service—a catalog that totals close to 20 million.
Downloadify worked simply: Since Spotify allowed premium users to store songs locally with their monthly subscription, Spotify mistakenly allowed Downloadify to copy any track that was played. Essentially, if you dind't already have the service, you could sign up, download anything and everything you wanted, and cancel your subscription. The ultimate digital cat-burglary.
But the extension was quickly removed by Google as word spread, and Spotify closed the gap in their security by the end of the day. Though it hasn't been wiped out just yet: Downloadify is still available on GitHub, with its coding pasted so people can freely modify the extension as Spotify updates against it.
The damage may be lasting for Spotify when it comes to the business side of things.
The encryption failure is a bad mess at a bad time. Spotifu is currently in talks with companies about forming a video-on-demand service to rival Netflix, and, as always, royalties are at the center of the meetings. For companies, that's like walking into a bank to open a savings account and seeing someone rob the place right in front of you. Would you still sign up? Didn't think so. Music labels and movie companies aren't known for keeping their cool when it comes to losing money.
