Does Audible Have a Security Loophole? Not That I Could Find

screen_shot_2014-09-15_at_11_34_09[1]Business Insider has a story up this morning which has me scratching my head.They're reporting that Audible, Amazon's audiobook sub, has a security problem.  According to BI's source,  Audible supposedly doesn't check credit cards when you sign up for a prescription but instead checks when you use the first credit/I have issues with this report:

In a video provided to Business Insider, Alan Joseph, a 19-year-old computer science student from Bangalore, India, demonstrated the loophole. Business Insider was able to replicate the technique used by Joseph to download audio books for free.

...

Using a fake name, fake email address and a fake credit card, users are able to create an account on Audible, and purchase any member program. Business Insider was able to purchase the most expensive membership program, a $229 24-book "Platinum Annual Membership," using fake credit card information.

After the membership is applied to an account, users are given a number of credits to purchase books as part of the membership. Despite using randomized fake card details, the credits are still applied to accounts.

Amazon only checks the credit card information after a user "buys" an audio book using a credit gained from a membership program purchased using a fake credit card.

I would like to disbelieve this report as simply being too implausible, but to be honest I have seen similar mistakes with other retailers, including one which allowed me to continue to buy  and download ebooks after I cancelled a subscription.

Furthermore, it appears Amazon has patched that security hole. I tried and failed to replicate the loophole mentioned in the Business Insider article, and Amazon refused to accept the fake credit card number I used for the fake account  (which is exactly what should have happened).

So even if this story was true when BI posted it, it is no longer true. Or at the very least, I cannot confirm the accuracy of the story.

About Nate Hoffelder (11598 Articles)
Nate Hoffelder is the founder and editor of The Digital Reader:"I've been into reading ebooks since forever, but I only got my first ereader in July 2007. Everything quickly spiraled out of control from there. Before I started this blog in January 2010 I covered ebooks, ebook readers, and digital publishing for about 2 years as a part of MobileRead Forums. It's a great community, and being a member is a joy. But I thought I could make something out of how I covered the news for MobileRead, so I started this blog."

2 Comments on Does Audible Have a Security Loophole? Not That I Could Find

  1. Was your fake credit card number properly formed? CC numbers have a check digit.

1 Trackbacks & Pingbacks

  1. Your Amazon Account Can be Hacked via a Kindle eBook - The Digital Reader

Leave a comment

Your email address will not be published.


*