Wednesday, August 8, 2012

Amazon Quietly Closes Security Hole After Journalist’s Devastating Hack

Amazon closed a privacy hole on Monday that previously allowed hackers access to Amazon accounts over the phone using just a name, email address and mailing address — three pieces of information easily found for many on the web. Photo: Ariel Zambelich/Wired

Amazon changed its customer privacy policies on Monday, closing security gaps that were exploited in the identity hacking of Wired reporter Mat Honan on Friday.

Previously, Amazon allowed people to call in and change the email address associated with an Amazon account or add a credit card number to an Amazon account as long as the caller could identify him or herself by name, email address and mailing address — three bits of personal information that are easily found online.

On Tuesday, Amazon handed down to its customer service department a policy change that no longer allows people to call in and change account settings, such as credit cards or email addresses associated with its user accounts.

Amazon officials weren’t available for comment on the security changes, but during phone calls to Amazon customer service on Tuesday, representatives told us that the changes were sent out this morning and put in place for “your security.”

The security gap was used by hackers, one of whom identified himself as a 19-year-old going by the name “Phobia,” to gain access to Honan’s Amazon account on Friday. Once Phobia and another hacker gained access to Honan’s Amazon account, they were able to view the last four digits of a credit card linked to the account.

The hackers then used those four digits to trick Apple customer service into thinking it was dealing with Honan. Apple customer service then gave the hackers a temporary password into Honan’s Apple ID, which the hackers used to wipe his iPhone, iPad and MacBook, and gain access to a number of email accounts as well as his Twitter account.

We discovered Amazon’s policy change on Tuesday after we failed to replicate the exploits used on Honan this weekend. Amazon declined comment on the security hole on Monday, and has since failed to return repeated phone calls from Wired about the vulnerability.

Wired Reporter Roberto Baldwin contributed to this report.

Source: http://www.wired.com/gadgetlab/2012/08/amazon-changes-policy-wont-add-new-credit-cards-to-accounts-over-the-phone/

LINEAR TECHNOLOGY LEXMARK INTERNATIONAL

No comments:

Post a Comment