Amazon closes security hole, quietly

Amazon has very strict policies in place regarding how users can sign up to its site and begin making purchases. But what would you do if you needed to change the email address of an account that contained your name, address and credit/debit card details?

What Amazon allowed was for an account holder to call in and change the email address, as long as the caller could be identified by name, email address and mailing address. These are details that can easily be obtained online.

On Tuesday Amazon amended its policy: users can no longer call in to change account settings such as the card details or email address associated with their account. No official comment has been made by Amazon, but representatives have stated that the changes have been put in place for “your security.”

On Friday, the 3rd of August, a 19-year-old hacker, identified as “Phobia”, gained access to Honan’s account. You can read Neowin's report on how the situation then spiralled out of Honan’s control here.

Honan himself has admitted that daisy-chaining his accounts together was his own fault and he deeply regrets his lapses in security.

Amazon’s policy change was discovered when attempts to replicate the exploit failed.

Source: Wired


8 Comments


Now we wait for the Apple haters to turn it around so all the blame is on them, and then the Apple lovers will come to the defense....no matter how advanced a password system gets the weakest link will always be us.

Tim Dawg said,
What does this have to do with Apple? The word "Apple" was never used in the story. Are we flame-baiting here??

Read the other article linked in this one.

How is calling up Amazon and using basic user easily obtainable online to reset an account email address hacking?

TCLN Ryster said,
How is calling up Amazon and using basic user easily obtainable online to reset an account email address hacking?

These days, even a bit of social engineering is lumped under hacking.

TCLN Ryster said,
How is calling up Amazon and using basic user easily obtainable online to reset an account email address hacking?

It's basically phishing/social engineering, not hacking.

TCLN Ryster said,
How is calling up Amazon and using basic user easily obtainable online to reset an account email address hacking?

Media and society in general have managed to muddle the term hacking. Might as well get used to it at this point because it will never change back. Getting on a computer that someone left signed into Facebook is now considered hacking, no matter how many times we try and correct the people using the term incorrectly.