Sad, Amazon hands over insecure information that Apple considers secure. Sounds like these corporate giants need to hash out some standards.
Amazon addresses security exploit after journalist hack
After a tech reporter detailed his nightmarish saga of being hacked because of Amazon and Apple security flaws, the e-commerce giant says it has changed its system to make things more secure.
by Dara Kerr
When tech reporters get hacked, it seems like tech companies pay attention.
Wired reporter Mat Honan's entire online life was compromised by a hacker named Phobia four days ago. Phobia used Honan's AppleCare and Amazon IDs, along with his billing address and last four digits of his credit card to get into his various online accounts. Apple responded yesterday saying that it was looking into how users can reset their account passwords to ensure data protection; and Amazon responded today.
"We have investigated the reported exploit, and can confirm that the exploit has been closed as of yesterday afternoon," an Amazon representative told CNET today.
What this means is that Amazon customers can no longer make changes to their account settings by telephone, according to PC Magazine. A small but significant change -- because it was by calling Amazon that Phobia eventually succeeded in deleting Honan's Google and Twitter accounts and wiping his MacBook, iPad, and iPhone clean.
"In many ways, this was all my fault," Honan wrote in an article for Wired yesterday that detailed his saga. "My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter."
The way Phobia gained entry into Honan's Amazon account is by calling the e-commerce giant pretending to be Honan and adding a credit card to his account -- all he needed to do this was Honan's name, e-mail address, and billing address. Then, Phobia called Amazon again and said he couldn't access the account and this is how he was able to use the credit card information to add another e-mail address and reset Honan's password. Story Continues