Streaming service hit by app that enabled users to steal songs from its browser-based player
Spotify has rushed to close a loophole that allowed its users to download songs from the streaming service for free.
The exploit was enabled by an extension to the Google Chrome browser called Downloadify. It enabled users to download the MP3 file of a song via a security hole in Spotify's web player.
Google has since removed the extension from its Chrome store. However, it is still available to download from other websites.
Spotify has confirmed that it fixed the issue.
According to the creator of Downloadify, the loophole was caused by Spotify not encrypting music it stored online. However, he insisted that he did not release the app to damage the service.
Speaking on Twitter, Robin Aldenhoven said: "I could not believe it myself that they did so little to protect their library," adding later, "Spotify = awesome… so I don't want to damage them."
Other streaming services have long suffered from similar problems.
A quick search shows a multitude of options to illegally rip music from popular music services, such as iTunes, Spotify, and YouTube.
However, solicitors have said the law makes its position on the issue clear.
"It is effectively stealing," Sheena Sheikh, a solicitor from intellectual property specialists Briffa told the BBC.
"You are committing an infringement," she added. "You're not authorised to download the songs. You don't have permission."
Spotify is the world's most popular streaming service. In March, Spotify revealed it had surpassed six million paid subscriptions.
Then in April, it was revealed that royalty revenues from streaming music had passed those from music played on the radio in the UK.