They’re reporting that Audible, Amazon’s audiobook sub, has a security problem. According to BI’s source, Audible supposedly doesn’t check credit cards when you sign up for a prescription but instead checks when you use the first credit/
I have issues with this report:
In a video provided to Business Insider, Alan Joseph, a 19-year-old computer science student from Bangalore, India, demonstrated the loophole. Business Insider was able to replicate the technique used by Joseph to download audio books for free.
Using a fake name, fake email address and a fake credit card, users are able to create an account on Audible, and purchase any member program. Business Insider was able to purchase the most expensive membership program, a $229 24-book “Platinum Annual Membership,” using fake credit card information.
After the membership is applied to an account, users are given a number of credits to purchase books as part of the membership. Despite using randomized fake card details, the credits are still applied to accounts.
Amazon only checks the credit card information after a user “buys” an audio book using a credit gained from a membership program purchased using a fake credit card.
I would like to disbelieve this report as simply being too implausible, but to be honest I have seen similar mistakes with other retailers, including one which allowed me to continue to buy and download ebooks after I cancelled a subscription.
Furthermore, it appears Amazon has patched that security hole. I tried and failed to replicate the loophole mentioned in the Business Insider article, and Amazon refused to accept the fake credit card number I used for the fake account (which is exactly what should have happened).
So even if this story was true when BI posted it, it is no longer true. Or at the very least, I cannot confirm the accuracy of the story.