Skip to main content

Spotify patches Chrome exploit that allowed MP3 downloads of any song

Spotify patches Chrome exploit that allowed MP3 downloads of any song

Share this story

spotify new proper size
spotify new proper size

Spotify has patched an exploit that allowed a Chrome browser extension to download any song available on the music streaming service. We have tested and can confirm that the Downloadify tool is no longer able to connect to Spotify's web player. By allowing premium users to store tracks locally as part of their monthly subscription, Spotify inadvertently allowed the Downloadify tool to grab a copy of any song from its catalog of over 20 million tracks.

Google moved quickly to remove Downloadify from the Chrome Web Store but it is still available via a repository on GitHub. Developer Robin Aldenhoven confirmed to The Verge that the tool no longer works, noting that Spotify has employed a more streamlined and secure protocol that makes it harder to request stored tracks. Aldenhoven also said that the project would not be updated to circumvent Spotify's new security measures. We have reached out to Spotify for confirmation.