Customer Discussions > Kindle forum

change your amazon passwords - hackers got me!


Sort: Oldest first | Newest first
Showing 1-25 of 58 posts in this discussion
Initial post: Mar 13, 2012 2:57:14 PM PDT
NRAmember says:
Today I received an email from Amazon, as I do often, to inform me of my order confirmation. The only issue was I had not even logged into Amazon and did not place a order. After having to Google just to get the Amazon phone number, I was able to get the order canceled, oh that did take about 45 minutes on the phone going back and forth. The end result, if you have a creditcard setup within Amazon, anyone that gets your Amazon password can login as you (they need your email address too, but that part is easy) and purchase anything they want, without having to provide any further credit card security information, like the 3 digit code on the back. this is a major security hole IMO. They did this for the Kindle stuff, but left a big security hole.

So, change your password, and change it often, and make it hard.

Delete any cxredit cards setup within Amazon, or run the risk of fraud and hope you catch it in time.

This bogus order was for 1 mp3 song for the Kindle, which I don't even own. The cost was only $8.99, but the order confirmation email saved me and I'm glad I happened to see it. Hackers try cheap things like this, and if it works ,they go for the $8,999. order next!

Amazon security should be updated to force that even with registered cards, you must always provide the security code on the credit card. For Kindle quick downloads, they need more security if they want that to be safe. I don't even own a Kindle, and yet somebody with a Kindle hacked my account and downloaded the song. Beware!

In reply to an earlier post on Mar 13, 2012 3:03:35 PM PDT
Kessa says:
[Customers don't think this post adds to the discussion. Show post anyway. Show all unhelpful posts.]

In reply to an earlier post on Mar 13, 2012 3:04:53 PM PDT
Just Peachy says:
How do you know it was from a Kindle?

In reply to an earlier post on Mar 13, 2012 3:06:13 PM PDT
quilt lover says:
Hmmm, I can't even buy mp3s from my kindle. Maybe a Fire?
Your reply to quilt lover's post:
To insert a product link use the format: [[ASIN:ASIN product-title]] (What's this?)
 

Posted on Mar 13, 2012 3:07:54 PM PDT
CBRetriever says:
unless you have a kindle registered to your account, it's not possible to buy something for the kindle unless it was bought as a gift and in that case the email would have stated who it was bought for or listed their email.

and aren't mp3s more for ipods?

In reply to an earlier post on Mar 13, 2012 3:08:28 PM PDT
Kindles have nothing to do with it. Anyone with a computer can buy mp3's.

Posted on Mar 13, 2012 3:12:24 PM PDT
CBRetriever says:
to buy it for a kindle he/she would have had to register a kindle to your account, then buy the mp3 and down load it - as I check my bank account / credit card daily, I'd notice something immediately

Posted on Mar 13, 2012 3:43:36 PM PDT
Last edited by the author on Mar 13, 2012 3:51:58 PM PDT
Jazzy_Jeff says:
I use a password generator and run Linux, no one is getting my passwords. I also check my bank account every morning.

This is a typical password sample I use: KV}b19-MP)Au/:<QF!P(

Posted on Mar 13, 2012 3:47:40 PM PDT
flipoid says:
$8.99 for ONE MP3 song? That's an awfully expensive song.

And I don't think the Kindle itself had anything to do with this.

Posted on Mar 13, 2012 4:08:31 PM PDT
NRAmember says:
Support people said it was a Kindle purchase, and NO I do not have a Kindle Fire on my account. The bottom line is the security is built on a email name and a password. Anyone who obtains those two pieces of information for a Amazon account with a credit card registered, will be able to purchase anything want.

Support was confused how this happened, and not much help. They just blamed it on a password breech and didn't bother to comment on the security risk.

As for the cost, I cannot comment because I cannot even pronounce the song or singer, I bet it's not even in english. It may have been an album for that price, who knows.

In reply to an earlier post on Mar 13, 2012 4:15:38 PM PDT
"Kessa's Ferrets says:
I don't know anybody who doesn't change all of their passwords every 3 to 4 weeks. I am surprised that you didn't do this before this happened. It's common knowledge."

Uh, I don't change mine unless forced to. Just too darn hard to remember new ones.

Posted on Mar 13, 2012 4:20:23 PM PDT
Old Rocker says:
If it was sent to a Kindle, wouldn't that Kindle have to be registered on the OP's account??

In reply to an earlier post on Mar 13, 2012 4:20:27 PM PDT
Kessa says:
I use index cards - it's alphabetized, easy to switch in new passwords & if I forget a password, easy to check. =)

In reply to an earlier post on Mar 13, 2012 4:32:56 PM PDT
Yes.

In reply to an earlier post on Mar 13, 2012 4:34:37 PM PDT
~nospin says:
I would think that is why customer service had a hard time understanding him.

I would think it was not a kindle purchase but a one click purchase which the rep explained "like a kindle purchase"

Still seems odd because you know customer service would have done something to recompense him for the inconvenience if all the facts fit.

In reply to an earlier post on Mar 13, 2012 4:35:42 PM PDT
I don't change ours that often, but do keep them rather complicated and don't use the same one for banking that we use anywhere else.

I do confess to a cheat sheet with user names and passwords though.

In reply to an earlier post on Mar 13, 2012 4:38:51 PM PDT
Just Peachy says:
There's an app for that.
Seriously, I have an app on my phone for passwords. Of course you have to know the password for the app.

In reply to an earlier post on Mar 13, 2012 4:40:13 PM PDT
Just Peachy says:
A lot of ecommerce sites only require you to enter the credit card information once and they keep it on file. I believe you can remove it from your Amazon account and reenter it each time you want to make a purchase.

Posted on Mar 13, 2012 4:40:36 PM PDT
MamaSylvia says:
And, frankly, it's pretty easy to make it hard to hack into your account. I use an email for my Amazon account that I do NOT use anywhere else. I'm easy to find - I have an email addy on my user profile - but someone would have to be really dedicated to hacking my account in order to figure out my Amazon email. Hopefully, my financial situation is not good enough to attract that kind of dedication.

<off to figure out Jeff's current pw - with that pattern, how hard could it be?>

Posted on Mar 13, 2012 4:51:50 PM PDT
PageTurner says:
Jazzy_Jeff,
How do you keep track of your passwords?

Posted on Mar 13, 2012 5:03:13 PM PDT
It sounds to me like you didn't reach Kindle CS, only general Amazon CS. If it was a purchase made on or for a kindle, there would HAVE to be some way they could trace which kindle the purchase was on or for (even purchased as a gift for another kindle you'd have to put in the email address associated with the recipient's kindle, which would allow them to track down the serial no of the kindle in question), which they could then block as fraudulent.

Actually, to be really honest, it sounds to me like a fabricated example to push a particular point - which is that your Amazon password does indeed give access to any of your credit card details on file.

Posted on Mar 13, 2012 5:04:21 PM PDT
Shabuboy says:
I use passwdSafe to keep track of passwords.

It can even work with a dropbox and passwdsafe combo. Works great on the KF.

Posted on Mar 13, 2012 5:05:37 PM PDT
Doesn't anyone else wonder about ONE MP3 song that cost $8.99?

In reply to an earlier post on Mar 13, 2012 5:06:24 PM PDT
Just Peachy says:
But it's probably not English!!!1!!!!!111!

(whatever that has to do with it)

Posted on Mar 13, 2012 5:15:23 PM PDT
I was just thinking that we don't know this OP...whose to say they are not phishing for info about who hasn't changed a password in awhile, and who is not likely to. I think I am going to go change mine!
‹ Previous 1 2 3 Next ›
[Add comment]
Add your own message to the discussion
To insert a product link use the format: [[ASIN:ASIN product-title]] (What's this?)
Prompts for sign-in
 


 

This discussion

Discussion in:  Kindle forum
Participants:  34
Total posts:  58
Initial post:  Mar 13, 2012
Latest post:  Sep 2, 2014

New! Receive e-mail when new posts are made.

Search Customer Discussions