B&N Closed a 3 Month Old Security Leak Last Weekend

It turns out that I was slightly wrong Monday when I posted about B&N’s expansion plans. Barnes & Noble didn’t actually plan to sell ebooks in South America; they neglected to make sure that their firewall was working.

As you probably know, B&N doesn’t sell ebooks outside the US or Canada. They enforce this rule by checking the IP address of the customer (this can give a good idea of the location). If anyone wants to buy an ebook from outside the US, they generally have to engage in a small amount of tech-jitsu (using a VPN or IP proxy, for example).

I now have evidence that, for at least the months of December 2011 through February 2012, Barnes & Noble wasn’t checking IP addresses.

It took me a few days to reach someone who would go on the record. My original source wasn’t in a position to tell me anything, not even off the record, but I found someone who would.

Antonio Hermida works in ebook production at Simplíssimo Livros, the Brazilian digital publishing firm. He confirmed that he bought an ebook from B&N back in December. He was in Brazil at the time, and he reports that he did not have to use any trickery.

I was just clicking and worked (the book was sold and the download was started). So, in a conversation with a friend, I tried again (in Buenos Aires, that time) and, again: downloaded.
Finally, 3 days ago (I think), my status changed (credit card invalid or something like) and the books cannot be bought from my nook touch or, first edition.

The two books that I acquired were bought without proxy or any "hacker" thing. The second was bought in a book store with open network.

Did you catch the part where he could still buy ebooks from B&N as of late last week?

It’s not clear how my original source heard about it, but she did. She tried it and then tweeted about her success. She has since deleted the tweet, so you might not put as much weight on it as I do.

So why is this such a big deal? Well, what looks to you like a few mistaken ebook sales might be contract violations and potentially copyright infringement (it depends on how you look at it). Barnes & Noble doesn’t have the rights to sell ebooks outside the US (with the exception of Canada).

So besides being incredibly sloppy, this incident has the potential of pissing off publishers. Lawsuits would seem unlikely, given that B&N would prefer to settle this matter quietly. But it is still a facepalm moment for B&N.

I have queried B&N on this story, and they issued a denial:

Not sure where you are getting your information, but this is not accurate.

I’ll let you take that as you will. To be honest, this story is so fantastic I’m not sure anyone is going to believe me. But I am posting this story because I believe my sources.

Update: Please read the comments. This isn’t B&N’s first leak.


Mikaela March 1, 2012 at 1:15 pm

Well. Interestingly enough until November-December last year I was able to download free books from BN. I didn’t bother hiding my IP, and I used a Swedish CC card and my Swedish address. It worked, until BN plugged the hole. In fact, there was a thread about it in the Nook board at MobileRead.

So, it is possible that there was another glitch when it comes to South America.

anne March 1, 2012 at 2:28 pm

I’m in France. I got a Nook. I’m going to try to get a book tonight. You make me curious!

Bob March 1, 2012 at 3:31 pm

If they’re allowed to sell ebooks to Canada then why won’t they ship a nook to Canada?

Ian March 1, 2012 at 7:44 pm

About a month ago I was buying a book from B&N (I do this all the time using a VPN service.. I refuse to buy books from Amazon) but on that day I forgot to turn the VPN on, I was still able to purchase the book. I’m in Australia … I didn’t try again as I didn’t want to draw attention to my account.

The B&N Nook Store Leaks Like a Sieve – The Digital Reader April 11, 2012 at 12:14 pm

[…] About a month ago I brought you news about a recently closed security leak in the B&N Nook Store, which the numerous comments have indicated was a common occurrence. […]

I Didn’t Get an Invite to Yesterday’s Nook Event Because I’m Too Good at My Job – The Digital Reader April 13, 2012 at 6:04 pm

[…] only reason that I can see for them to exclude me was that I write stuff they don’t like. The Nook Store security leak story from last month would be a good example, or the Nook Color Acclaim, the November Nook Tablet […]
