Does Audible Have a Security Loophole? Not That I Could Find

Does Audible Have a Security Loophole? Not That I Could Find Amazon Audiobook Business Insider has a story up this morning which has me scratching my head.

They're reporting that Audible, Amazon's audiobook sub, has a security problem.  According to BI's source,  Audible supposedly doesn't check credit cards when you sign up for a prescription but instead checks when you use the first credit/

I have issues with this report:

In a video provided to Business Insider, Alan Joseph, a 19-year-old computer science student from Bangalore, India, demonstrated the loophole. Business Insider was able to replicate the technique used by Joseph to download audio books for free.

...

Using a fake name, fake email address and a fake credit card, users are able to create an account on Audible, and purchase any member program. Business Insider was able to purchase the most expensive membership program, a $229 24-book "Platinum Annual Membership," using fake credit card information.

After the membership is applied to an account, users are given a number of credits to purchase books as part of the membership. Despite using randomized fake card details, the credits are still applied to accounts.

Amazon only checks the credit card information after a user "buys" an audio book using a credit gained from a membership program purchased using a fake credit card.

I would like to disbelieve this report as simply being too implausible, but to be honest I have seen similar mistakes with other retailers, including one which allowed me to continue to buy  and download ebooks after I cancelled a subscription.

Furthermore, it appears Amazon has patched that security hole. I tried and failed to replicate the loophole mentioned in the Business Insider article, and Amazon refused to accept the fake credit card number I used for the fake account  (which is exactly what should have happened).

So even if this story was true when BI posted it, it is no longer true. Or at the very least, I cannot confirm the accuracy of the story.

Nate Hoffelder

View posts by Nate Hoffelder
Nate Hoffelder is the founder and editor of The Digital Reader: He's here to chew bubble gum and fix broken websites, and he is all out of bubble gum. He has been blogging about indie authors since 2010 while learning new tech skills at the drop of a hat. He fixes author sites, and shares what he learns on The Digital Reader's blog. In his spare time, he fosters dogs for A Forever Home, a local rescue group.

3 Comments

  1. […] might not have a security issue at Audible but they do have one on their main […]

    Reply
  2. puzzled15 September, 2014

    Was your fake credit card number properly formed? CC numbers have a check digit.

    Reply
    1. Nate Hoffelder15 September, 2014

      Maybe not, but I don’t know how to tell.

      But I think you just showed its not as simple as they made it soumd.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to top