B&N Closed a 3 Month Old Security Leak Last Weekend

It turns out that I was slightly wrong Monday when I posted about B&N's expansion plans. Barnes & Noble didn't actually plan to sell ebooks in South America; they neglected to make sure that their firewall was working.

As you probably know, B&N doesn't sell ebooks outside the US or Canada. They enforce this rule by checking the IP address of the customer (this can give a good idea of the location). If anyone wants to buy an ebook from outside the US, they generally have to engage in a small amount of tech-jitsu (using a VPN or IP proxy, for example).

I now have evidence that, for at least the months of December 2011 through February 2012, Barnes & Noble wasn't checking IP addresses.

It took me a few days to reach someone who would go on the record. My original source wasn't in a position to tell me anything, not even off the record, but I found someone who would.

Antonio Hermida works in ebook production at Simplíssimo Livros, the Brazilian digital publishing firm. He confirmed that he bought an ebook from B&N back in December. He was in Brazil at the time, and he reports that he did not have to use any trickery.

I was just clicking and it worked (the book was sold and the download was started). So, in a conversation with a friend, I tried again (in Buenos Aires, that time) and, again: downloaded.
Finally, 3 days ago (I think), my status changed (credit card invalid or something like that) and the books cannot be bought from my Nook Touch or first edition.

The two books that I acquired were bought without a proxy or any "hacker" thing. The second was bought in a book store with an open network.

Did you catch the part where he could still buy ebooks from B&N as of late last week?

It's not clear how my original source heard about it, but she did.  She tried it and then tweeted about her success. She has since deleted the tweet, so you might not put as much weight on it as I do.

So why is this such a big deal? Well, what looks to you like a few mistaken ebook sales might be contract violations and potentially copyright infringement (it depends on how you look at it). Barnes & Noble doesn't have the rights to sell ebooks outside the US (with the exception of Canada).

So besides being incredibly sloppy, this incident has the potential of pissing off publishers. Lawsuits would seem unlikely, given that B&N would prefer to settle this matter quietly. But it is still a facepalm moment for B&N.

I have queried B&N on this story, and they issued a denial:

Not sure where you are getting your information, but this is not accurate.

I'll let you take that as you will. To be honest, this story is so fantastic I'm not sure anyone is going to believe me. But I am posting this story because I believe my sources.

Update: Please read the comments. This isn't B&N's first leak.

About Nate Hoffelder (11377 Articles)
Nate Hoffelder is the founder and editor of The Digital Reader: "I've been into reading ebooks since forever, but I only got my first ereader in July 2007. Everything quickly spiraled out of control from there. Before I started this blog in January 2010 I covered ebooks, ebook readers, and digital publishing for about 2 years as a part of MobileRead Forums. It's a great community, and being a member is a joy. But I thought I could make something out of how I covered the news for MobileRead, so I started this blog."

4 Comments on B&N Closed a 3 Month Old Security Leak Last Weekend

  1. Well. Interestingly enough until November-December last year I was available to download free books from BN. I didn’t bother hiding my IP, and I used a Swedish CC card and my Swedish address. It worked, until BN plugged the hole. In fact, there was a thread about it in the Nook board at MobileRead.

    So, it is possible that there was another glitch when it comes to South America.

  2. If they’re allowed to sell ebooks to Canada then why won’t they ship a nook to Canada?

  3. About a month ago I was buying a book from B&N (I do this all the time using a VPN service.. I refuse to buy books from Amazon) but on that day I forgot to turn the VPN on, I was still able to purchase the book. I’m in Australia … I didn’t try again as I didn’t want to draw attention to my account.
