The key to ‘hacking’ Amazon accounts? Persistence

It turns out if you want to break into someone else’s Amazon account, you don’t need to know their password, mother’s maiden name, or what their first pet was called. You just need to keep asking for information. That’s what happened with the case of Eric Springer, who found that Amazon customer support had handed over his personal information with just some gentle prodding.

Although Springer describes himself as a security-conscious individual, using long passwords and two-factor authentication where possible, he recently discovered that his Amazon account had been “hacked” when the retailer emailed him as a follow up to a support chat. Knowing that that hadn’t taken place, he looked into it and was able to recover a chat log between someone claiming to be him and an Amazon employee.

Although that support worker did ask for information on Springer to confirm it was really him, for some reason they accepted an address that was merely near to where Springer was located, cribbed from a Whois lookup of his website. The phony customer then pressed the support worker for more information and was quickly told the real address and phone number of Springer, as well as the balance of any gift cards on the account.

“The attacker gave Amazon my fake details from a Whois query, and got my real address and phone number in exchange. Now they had enough to bounce around a few services, even convincing my bank to issue them a new copy of my credit card,” Springer broke down on his blog, after expressing sheer amazement that such a security hole could exist in the Amazon support system.

That wasn’t the end of it either. Despite letting Amazon know that his account was at risk of being socially engineered, Springer found several months later that another incident had taken place, when his personal information was coaxed out of an Amazon support rep. They even tried (albeit unsuccessfully) to discover the last few digits of his credit card.

Perhaps catching on to the fact that Springer was aware of their actions, the nefarious individuals going after his account then contacted support by phone and seemingly were able to acquire his credit card details.

As well as providing a number of strongly worded recommendations to Amazon, Springer also encourages everyone to be very careful with any information shared with any service, as you never know how it could be used to compromise other data.

Computing

Was your Facebook account hacked in the latest breach? Here’s how to find out

Facebook now reports that its latest data breach affected only 30 million users, down from an initial estimate of 50 million accounts. You can also find out if hackers had accessed your account by visiting a dedicated portal.
Computing

How to protect your iCloud account

From Chinese hacking to identity theft, it's not surprising if you're a little worried about your iCloud data. Here's how to protect your iCloud account with a few simple security steps. It will only take a few minutes, and we'll walk you…
Movies & TV

The best shows on Netflix in October, from 'Mindhunter’ to ‘The Good Place’

Looking for a new show to binge? Lucky for you, we've curated a list of the best shows on Netflix, whether you're a fan of outlandish anime, dramatic period pieces, or shows that leave you questioning what lies beyond.
Music

Spotify vs. Pandora: Which music streaming service is better for you?

Which music streaming platform is best for you? We pit Spotify versus Pandora, two mighty streaming services with on-demand music and massive catalogs, comparing every facet of the two services to help you decide which is best.
Computing

Tired of choosing between Windows and Mac? Check out these Chromebooks instead

We've compiled a list of the best Chromebooks -- laptops that combine great battery life, comfortable keyboards, and the performance it takes to run Google's lightweight Chrome OS. From Samsung to Acer, these are the Chromebooks that really…
Photography

Adobe's "creativity conference" begins October 15. Here's what we hope to see

Each year, Adobe uses its Adobe MAX conference to show off its latest apps, technologies, and tools to help simplify and improve the workflow of creatives the world over. Here's what you should expect from this year's conference.
Emerging Tech

Awesome Tech You Can’t Buy Yet: DIY smartphones and zip-on bike tires

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it sure is fun to gawk!
Product Review

The Oculus Rift is cheaper, the Vive Pro is better. Is the original Vive still worth it?

The Oculus Rift may have brought virtual reality into the public eye, but HTC’s Vive, built in partnership with Valve, does it better. Does the Vive still represent the true future of virtual reality, or are there better competitors on…
Computing

Don't take your ISP's word for it: Here's how to test your internet speed

If you're worried that you aren't getting the most from your internet package, speed tests are a great way to find out what your real connection is capable of. Here are the best internet speed tests available today.
Computing

Nvidia is slowly rolling out its next generation of GPUs. Here's what you need to know about them

Nvidia's new RTX 2000 series graphics cards are impressive pieces of hardware, with some amazing advancements and some rather high price tags to match. Here's everything you need to know about Nvidia's new top-tier cards.
Computing

Lenovo and Dell make great professional laptops, but who does it best?

Finding the best laptop for professional use at the office, on the move, and at home is no easy task. There's plenty to choose but to find the best of the best, we pitted the Lenovo ThinkPad X1 Extreme vs. Dell XPS 15.
Emerging Tech

Here’s all the best gear and gadgetry you can snag for $100 or less

A $100 bill can get you further than you might think -- so long as you know where to look. Check out our picks for the best tech under $100, whether you're in the market for headphones or a virtual-reality headset.
Emerging Tech

What the heck is machine learning, and why is it everywhere these days?

Machine learning has been responsible for some of the biggest advances in artificial intelligence over the past decade. But what exactly is it? Check out our handy beginner's guide.
Computing

Personal info of 30,000-plus Pentagon employees compromised in contractor breach

The Pentagon is facing another security problem after it was discovered that a contractor was responsible for a leak of data that affected more than 30,000 Pentagon employees, both civilian and military.