September 16, 2014
Amazon is just straight up letting people steal audiobooks now
by Liam O’Brien
Amazon’s perverse definition of “customer service for books” has turned into new, previously uncharted territory; they’re doing away with the “paying” part of shopping and just letting you just have stuff for free. Though not throwing books without warning directly at your face via drone (yet), they’re doing the absolutely laughablest minimum to ensure you won’t steal audiobooks from Audible.com, their wholly owned audiobook retail subsidiary.
Business Insider was recently tipped off about a risible security flaw in Audible’s purchasing process. For those of you who only know Audible as the sponsor of all your favorite podcasts, the online audiobook retailer offers tiered membership options upon signup, which you are asked very nicely to pay for with a real credit card. Some of these memberships come with credits that, once signup is complete, can be used to buy audiobooks. However, Aubible doesn’t verify the credit card used to purchase these memberships until after the credits run out.
Even then, when Audible rejects the fake card, one can simply re-up their membership using the same fake credit card information, get a fresh set of new credits, and the appalling cycle of minimally-discouraged piracy begins anew. We at MobyLives never thought we’d write the following sentence, but here we go: Amazon is officially operating on the honor system.
Both Business Insider and Gizmodo provide their own walk-throughs of the entire shameful process, which is mortifying enough. However, Business Insider is nice enough to place a cherry on top of this woefully unsecured sundae:
Emails shown to Business Insider reveal that Amazon and Audible were first made aware of the exploit in March 2013, yet failed to respond to repeated warnings about the loophole.
In a statement to Business Insider, Audible emphasized that customer data was not at risk due to the loophole in the site, remarking “This is a fraud issue, not a security issue. The fraudulent activity did not put any customer data at risk of exposure, nor did it affect customer experience in use of Audible.com; no honest Audible customer has been or will be injured by this. While we are constantly working to improve ease of use by customers, any momentary breach is closed quickly through our process when invalid credit cards are used. We take the act of fraud very seriously—and always have and always will.”
This is likely an instance of simple bureaucratic neglect and not intentional sabotage. We doubt that there’s an anarcho-primitivist code monkey, hiding somewhere in Amazon’s facilities, whose sole mission is to sap Amazon’s coffers of sweet audiobook profits. But if that’s the case, and you’re out there, we’d love to hear from you.
Liam O’Brien is the Senior Sales & Marketing Manager at Melville House, and a former bookseller.