The True Story Behind The Spotify Incident

The Spotify incident, which saw the site's password hashes compromised, hides more than meets the eye and has a lot to do with a little known Open source application called Despotify.

Despotify is a nifty little open source software client for online music service Spotify and aims to provide "tools to allow third parties to develop new and cool services that make use of Spotify's platform and services."

It has later emerged that the unknown group to which Spotify refers to in the two blog posts announcing the security issue was Swedish "hacking" group behind the Despotify team. Note that at no time, Spotify uses the word "hacker" or "criminal".

Members of the Despotify group are anonymous but claim to be a "group of Swedish computer science researchers, security professionals and geeks who believe strongly in the right to tinker with technology."

Prior to the security "breach", Spotify and Despotify have had a number of exchanges leading to Spotify to block Despotify users using free accounts although those on Premium accounts could use it. Despotify agreed that it will NOT "circumvent this block, nor accept any patches circumventing it".

Despotify points to the fact that most news sites reporting the incident did not even comprehend what really happened although Spotify's blog posts did provide with ample information. Even the BBC at some point mentioned that the "hackers" had stolen user data.