Yesterday Spotify saw one of its worst fears come true when a Google Chrome extension popped up in the Chrome Web Store that allowed Spotify users to download music from the streaming service. This hole in Spotify's DRM became possible because of the fact that the company's web player does not encrypt the MP3 file that is downloaded for playback.
The Chrome Extension, which has now been removed from the Google Web Store, would begin downloading the DRM-free MP3 to a user specified location, as soon as it began playing. This put Spotify in a tough spot as it now allowed any user, free or paid, to download as many songs as they wanted from its massive 20 million song library.
Spotify has since patched its web player and began encrypting the data stream to prevent further exploits of this kind from happening. As an avid user of Spotify and a premium subscriber from US launch at day one, I really hope that Spotify is able to curb the possibility of future hacks, because I would be lost without its service.