
Amazon.com huge security flaw - article


Initial post: Dec 19, 2012 4:59:17 PM PST
http://gizmodo.com/5969981/two+for+one-amazons-socially-engineered-replacement-order-scam?utm_source=gawker.com&utm_medium=recirculation&utm_campaign=recirculation

Posting to raise awareness, so that hopefully Amazon can instruct their CSR dept to be more secure. Ugh, right around the holidays too.

In reply to an earlier post on Dec 19, 2012 5:18:40 PM PST
Lene Jensen says:
Thank you for the information. Good to know if something should happen.

Posted on Dec 19, 2012 6:20:33 PM PST
B. Perry says:
Thanks for the article. Some slimy people out there.

In reply to an earlier post on Dec 19, 2012 6:29:06 PM PST
Grumbler says:
For those of us smart enough not to go clicking links in the gbf forum, can you sum up what the article says?

In reply to an earlier post on Dec 19, 2012 6:57:36 PM PST
Lene Jensen says:
It is gizmodo. Be real.

Posted on Dec 19, 2012 7:15:27 PM PST
I wish that when you got a computer, it came with some kind of instructions so that people who are not magically born as computer geniuses can read articles about scams, etc., because you can bet the company isn't going to tell you about security problems they have. And I know there will be people who say, well, if you don't know how to work a computer, why did you buy one? I didn't; my brother bought it for me so I could keep in touch with family, and because certain of my credit cards, if you don't pay them on the computer, it costs $25 to get customer service (laugh) to put the payment in. And as far as mailing the payment in, I was having to have the post office poststamp the date I mailed it and give me a copy to prove to the credit card company that I mailed it 22 days before it was due, and they were charging me late charges because they said they didn't receive it by the due date. It's like if you don't have a computer in this country, half the world passes you by, and yes, I could get rid of my credit cards, but there are actually 2 stores in my neighborhood that will not accept cash due to robbery, and just try using a check nowadays (big laugh). So to Lene Jensen: instead of saying be real, maybe you could have taken a couple of minutes and just hit the high points, or maybe just give them the link address; most of us have learned how to type a link address in the search box line. I didn't even write Grumbler's comment, but when I read your reply, I wished that I knew the site address so I could have given it to him. As for me, I will just have to be careful and not buy too much online, because I too do not know all these places to go for help and find out about all the scams and lack of security of places like Amazon.com, which is supposed to be a safe place to shop.

Posted on Dec 19, 2012 7:21:55 PM PST
Sven, for some reason your comment did not come up before I wrote my comment. Thank you for taking the time to give the address to go look at the article. It was very cool that I had just remarked that I wish someone would at least put the site address so we can protect ourselves, and there it was. Thank you so much; it's people like you that make it so I can learn how to use my computer without getting in trouble, and I am grateful you took the time.

In reply to an earlier post on Dec 19, 2012 7:26:24 PM PST
[Deleted by the author on Dec 19, 2012 7:28:59 PM PST]

In reply to an earlier post on Dec 19, 2012 7:29:58 PM PST
Last edited by the author on Dec 20, 2012 8:03:41 AM PST
Smart, huh? Smart people aren't typically reliant on second-hand interpretations, but rather prefer to educate themselves and make up their own minds. There are ways to find the article in question without using any posted links.

In reply to an earlier post on Dec 19, 2012 7:53:34 PM PST
Lene Jensen says:
Sharon, gizmodo is a reputable site. The fact that Grumbler tried to make it seem disreputable means he is either not informed, and I don't believe that for a second, or he's too lazy to go to the site. The article is long, and it's better that people read it, to understand the problem. If I said "Amazon CSRs enable crackers access to your account", well, that is the gist, but that is also not completely true either. I could write an article about it, but why should I, when the original article does it so much better.

If you go to the OP, you SEE the link address. Good grief.

In reply to an earlier post on Dec 19, 2012 8:02:07 PM PST
Last edited by the author on Dec 19, 2012 8:03:22 PM PST
I agree, there's no excuse for intellectual laziness, not even feigned paranoia.

In reply to an earlier post on Dec 19, 2012 8:19:08 PM PST
[Deleted by Amazon on Feb 10, 2013 7:08:13 AM PST]

In reply to an earlier post on Dec 19, 2012 8:25:43 PM PST
Last edited by the author on Dec 19, 2012 8:28:12 PM PST
Peregrinn says:
The article says that someone posing as an Amazon account holder was able to get a Customer Service Rep to disclose order numbers and then have "replacement orders" shipped out to an address that was not on the account. The Rep did not require use of a password or any other secure information. Amazon's Customer Service procedures nearly permitted a scam artist to get some pricey merchandise - though the alert customer (who wrote the Gizmodo article) was able to cancel those orders.

Thanks for the heads-up, Sven.

In reply to an earlier post on Dec 19, 2012 8:30:21 PM PST
ps says:
You can go to http://gizmodo.com and read the article.

Posted on Dec 20, 2012 4:59:17 AM PST
AlChemE says:
I am sort of on Grumbler's side, even though the way he said it was rude. I don't really like when people post just a link. If you want to post, at least give an idea of what it's about other than "huge security flaw." That is the type of thing you see in SPAM emails all the time - some attention grabbing headline, with just a link, if you want to know more.

In reply to an earlier post on Dec 20, 2012 5:21:54 AM PST
Lene Jensen says:
If he had criticized the OP, sure, I would have been on his side. But then you look at the link, and it is not a high risk link, and then you get a snarky "I am better than everyone else, and won't follow the link as it can be dubious". We know he was just too lazy to read. But, it is polite to have a quick synopsis of the problem in OP, however, I've seen a lot worse here. This is at least explaining a legitimate concern that all of us should be aware of. Through no fault of our own, someone can use our accounts to obtain free stuff. We will eventually pay for it. All of us.

Posted on Dec 20, 2012 5:26:57 AM PST
AlChemE says:
I never click on a link from a forum like this, though. As you probably know, sometimes the link description isn't really the same as the URL that you'll be sent to, if you click on it. A crafty person could make it LOOK like they're linking you to gizmodo, but really send you somewhere else. Of course, you could just go to gizmodo yourself and search for it, but I am always suspicious of messages that just encourage you to "click on this link for important information."

Posted on Dec 20, 2012 5:31:22 AM PST
Last edited by the author on Dec 20, 2012 5:34:38 AM PST
AlChemE says:
Still, it's a good heads-up. I will definitely pay attention, if I see any unexpected messages from Amazon customer service showing up in my e-mail.

It also points out why many of us prefer not to post here using "Real Name." I occasionally get comments about being a coward, not wanting to stand behind the things I say. Nope...that's not it. I prefer not to make it too easy for someone to steal my information.

In reply to an earlier post on Dec 20, 2012 5:35:24 AM PST
Since the OP's link is not clickable, this makes no sense.

Posted on Dec 20, 2012 5:50:54 AM PST
AlChemE says:
Maybe you're right, Anastasia. Since Grumbler and Lene were calling it a link, I made the assumption that it was a link. I don't see it that way, myself, but I find that can vary depending upon what computer and/or browser I'm using. Still, my comment was kind of generic, that I don't click on links that people post on public fora.

I can't even use the "Reply to this post" link or the Yes/No buttons on the computer I'm using now, so I thought it possible that someone else might see that URL as a link, even though I didn't.

In reply to an earlier post on Dec 20, 2012 7:17:40 AM PST
Last edited by the author on Dec 20, 2012 7:19:06 AM PST
You need to calm down and stop posting so much paranoid personal information.

The world is NOT out to get you.

Posted on Dec 20, 2012 7:40:48 AM PST
R. Eye says:
Just finished a master's degree in cybersecurity. If any personally identifiable information (PII) is accessed due to a security breach (hacking or otherwise), the vendor is required by law to disclose the breach to U.S. CERT who will notify the FBI, if criminal charges can be brought. This scam (with the CSR and order numbers) is no different from the thieves stealing packages delivered to your front porch before you get home from work. Since technology changes and new ways to pull off a scam are created all the time, there are never any guarantees that your data is safe. Period. Anyone who uses the Internet for any reason whatsoever is exposed to risk of identity theft, credit card fraud, drive-by malware downloads from browser hijacking, etc. Likewise, you expose yourself to similar risk when you receive paper mail from the post office, it's just that the pool of potential perpetrators is smaller.

In reply to an earlier post on Dec 20, 2012 7:48:28 AM PST
B. Perry says:
I think the only live links you can post here are Amazon ones. Outside links are not clickable. Copy and paste in your browser, unless paranoia consumes you.

In reply to an earlier post on Dec 20, 2012 7:50:13 AM PST
Lene Jensen says:
Well, this isn't a clickable link. So you see what it does. In this case, it goes to gizmodo, but embeds stuff from another reputable site. I had no problem going to it. I am sceptical of threads with less trustworthy links.

Posted on Dec 20, 2012 7:51:07 AM PST
harmonious1 says:
Just finished a Croissan'wich from Burger King and I echo R.Eye's comments.

This discussion

Discussion in:  Gold Box forum
Participants:  18
Total posts:  46
Initial post:  Dec 19, 2012
Latest post:  Dec 20, 2012
