Despotify: "We do not want to harm Spotify"
The Despotify group extracted about 40 password hashes before the vulnerability was fixed. They are puzzled about why the information was so detailed. All they had to do was to add a shared, or collaborated, playlist. Spotify replied with loads of details about the playlist's owner account; Name, date of birth, e-mail address and a hashed password file.
Despotify developers did no actions to gain this particular information, the client asked about the play list and a lot more came back in the reply from the server.
Most of the accounts where information was extracted from was owned by friends and some Spotify employees.
But the Despotify-group do not want to call this a hack. The server was built to reply with this information about user detailes if asked by the client.
The purpose for the Despotify client was never to harm Spotify. Their project was only to supply an open source alternative to the official Spotify client and share knowledge and tools in the form of source code.
Despotify will continue to develop with the coders that are involved in the project.