B&N Closed a 3 Month Old Security Leak Last Weekend

It turns out that I was slightly wrong Monday when I posted about B&N's expansion plans. Barnes & Noble didn't actually plan to sell ebooks in South America; they neglected to make sure that their firewall was working.

As you probably know, B&N doesn't sell ebooks outside the US or Canada. They enforce this rule by checking the IP address of the customer (this can give a good idea of the location). If anyone wants to buy an ebook from outside the US, they generally have to engage in a small amount of tech-jitsu (using a VPN or IP proxy, for example).

I now have evidence that, for at least the months of December 2011 through February 2012, Barnes & Noble wasn't checking IP addresses.

It took me a few days to reach someone who would go on the record. My original source wasn't in a position to tell me anything, not even off the record, but I found someone who would.

Antonio Hermida works in ebook production at Simplíssimo Livros, the Brazilian digital publishing firm. He confirmed that he bought an ebook from B&N back in December. He was in Brazil at the time, and he reports that he did not have to use any trickery.

I was just clicking and it worked (the book was sold and the download was started). So, in a conversation with a friend, I tried again (in Buenos Aires, that time) and, again: downloaded.
Finally, 3 days ago (I think), my status changed (credit card invalid or something like that) and the books cannot be bought from my nook touch or first edition.

The two books that I acquired were bought without proxy or any "hacker" thing. The second was bought in a book store with open network.

Did you catch the part where he could still buy ebooks from B&N as of late last week?

It's not clear how my original source heard about it, but she did. She tried it and then tweeted about her success. She has since deleted the tweet, so you might not put as much weight on it as I do.

So why is this such a big deal? Well, what looks to you like a few mistaken ebook sales might be contract violations and potentially copyright infringement (it depends on how you look at it). Barnes & Noble doesn't have the rights to sell ebooks outside the US (with the exception of Canada).

So besides being incredibly sloppy, this incident has the potential of pissing off publishers. Lawsuits would seem unlikely, given that B&N would prefer to settle this matter quietly. But it is still a facepalm moment for B&N.

I have queried B&N on this story, and they issued a denial:

Not sure where you are getting your information, but this is not accurate.

I'll let you take that as you will. To be honest, this story is so fantastic I'm not sure anyone is going to believe me. But I am posting this story because I believe my sources.

Update: Please read the comments. This isn't B&N's first leak.

Nate Hoffelder


6 Comments

  1. Mikaela, 1 March, 2012

    Well. Interestingly enough until November-December last year I was able to download free books from BN. I didn’t bother hiding my IP, and I used a Swedish CC card and my Swedish address. It worked, until BN plugged the hole. In fact, there was a thread about it in the Nook board at MobileRead.

    So, it is possible that there was another glitch when it comes to South America.

    1. anne, 1 March, 2012

      I’m in France. I got a Nook. I’m going to try to get a book tonight. You make me curious!

  2. Bob, 1 March, 2012

    If they’re allowed to sell ebooks to Canada then why won’t they ship a nook to Canada?

  3. Ian, 1 March, 2012

    About a month ago I was buying a book from B&N (I do this all the time using a VPN service.. I refuse to buy books from Amazon) but on that day I forgot to turn the VPN on, I was still able to purchase the book. I’m in Australia … I didn’t try again as I didn’t want to draw attention to my account.

  4. […] About a month ago I brought you news about a recently closed security leak in the B&N Nook Store, which the numerous comments have indicated was a common occurrence. […]

  5. […] only reason that I can see for them to exclude me was that I write stuff they don’t like. The Nook Store security leak story from last month would be a good example, or the Nook Color Acclaim, the November Nook Tablet […]
