U.S. markets close in 4 hours 57 minutes
  • S&P 500

    +45.37 (+1.10%)
  • Dow 30

    +238.98 (+0.70%)
  • Nasdaq

    +226.21 (+1.72%)
  • Russell 2000

    +40.48 (+1.86%)
  • Crude Oil

    +1.05 (+1.65%)
  • Gold

    +12.30 (+0.67%)
  • Silver

    +0.33 (+1.22%)

    +0.0051 (+0.42%)
  • 10-Yr Bond

    -0.0190 (-1.14%)

    +0.0034 (+0.24%)

    +0.0010 (+0.00%)

    +1,050.11 (+2.10%)
  • CMC Crypto 200

    +65.76 (+4.84%)
  • FTSE 100

    +65.75 (+0.94%)
  • Nikkei 225

    +636.46 (+2.32%)

A Loophole In Audible Allows Anyone To Download Unlimited Audio Books For Free

James Cook
Broken Lock
Broken Lock

Nick Carter/Flickr

A teenager in India has discovered a major loophole in Amazon-owned audio book retailer Audible that allows anyone to download an unlimited amount of audio books for free.

Security flaws in Audible mean the site doesn't wait to authenticate credit card payments before allowing users to purchase books, meaning that anyone can provide the site with fake information and download an unlimited amount of audio books.

In a video provided to Business Insider, Alan Joseph, a 19-year-old computer science student from Bangalore, India, demonstrated the loophole. Business Insider was able to replicate the technique used by Joseph to download audio books for free.

Using a fake name, fake email address and a fake credit card, users are able to create an account on Audible, and purchase any member program. Business Insider was able to purchase the most expensive membership program, a $229 24-book "Platinum Annual Membership," using fake credit card information.

Amazon Audible loophole screenshot
Amazon Audible loophole screenshot


After the membership is applied to an account, users are given a number of credits to purchase books as part of the membership. Despite using randomized fake card details, the credits are still applied to accounts.

Audible loophole screenshot showing credits from membership program
Audible loophole screenshot showing credits from membership program


Amazon only checks the credit card information after a user "buys" an audio book using a credit gained from a membership program purchased using a fake credit card.

Audible screenshot showing card renewal trick
Audible screenshot showing card renewal trick


But the warning that Amazon displays after attempting to verify the payment is easily avoided. All users need to do is renew their membership using the fake card information and they have more credits to buy audio books with.

Audible loophole screenshot
Audible loophole screenshot


Emails shown to Business Insider reveal that Amazon and Audible were first made aware of the exploit in March 2013, yet failed to respond to repeated warnings about the loophole.

In a statement to Business Insider, Audible emphasized that customer data was not at risk due to the loophole in the site, remarking "This is a fraud issue, not a security issue. The fraudulent activity did not put any customer data at risk of exposure, nor did it affect customer experience in use of Audible.com; no honest Audible customer has been or will be injured by this. While we are constantly working to improve ease of use by customers, any momentary breach is closed quickly through our process when invalid credit cards are used. We take the act of fraud very seriously—and always have and always will."

If Audible checked credit card information before providing accounts with book credits, then the loophole wouldn't work. But the site has a relaxed approach to security, allowing users to sign up with fake email addresses and purchase items without so much as verifying the email address used.

More From Business Insider