Chapin Information Services (CIS) uncovered a flaw in the Yahoo Music service that would allow users to
download files without paying for them.
The new Music Unlimited Beta was opened to the public just two weeks ago. Free trials are available for
seven days, and premium subscriptions are being offered for $4.99 per month.
Customers normally incur a charge of 79 cents when a music file is copied to a CD or portable music
player. This file would then be free from Digital Rights Management (DRM) restrictions that are imposed
upon the music before it is purchased.
In light of this discovery, however, customers can obtain the files without DRM protections by using
standard tools available on the Internet.
CIS initially reported flaws on day one of the public beta period but had found only installation and
interface bugs. During additional testing this week, the Yahoo website exposed more serious design
"For a savvy Internet user, the flaws in this music system could make it easier to download the music for
free than it is to pay for the same file," said Robert Chapin, President of CIS.
Standard accounts and Internet equipment are being used to pinpoint the cause of the problem. At this
time, Yahoo has not acknowledged the CIS security report.
CIS is a small Michigan business with a variety of technology automation activities. CIS has detected
major security flaws in public and private networks for banks, schools, computer manufacturers, and open
More information on this issue will be available soon.