As you may have heard, Mat Honan, a journalist who works for Wired, had, as he put it, his "entire digital life...destroyed" when a hacker exploited a loophole within Amazon's customer service system. To ensure people don't completely freak out and to prevent further hackings, Amazon today announced that it has plugged that hole.
In a piece for Wired.com published on Monday, Honan explained how the Amazon hack worked:
First you call Amazon and tell them you are the account holder, and want to add a credit card number to the account. All you need is the name on the account, an associated e-mail address, and the billing address. Amazon then allows you to input a new credit card. (Wired used a bogus credit card number from a website that generates fake card numbers that conform with the industry’s published self-check algorithm.) Then you hang up.
Next you call back, and tell Amazon that you’ve lost access to your account. Upon providing a name, billing address, and the new credit card number you gave the company on the prior call, Amazon will allow you to add a new e-mail address to the account. From here, you go to the Amazon website, and send a password reset to the new e-mail account. This allows you to see all the credit cards on file for the account — not the complete numbers, just the last four digits. But, as we know, Apple only needs those last four digits. We asked Amazon to comment on its security policy, but it didn’t have anything to share by press time.
"We have investigated the reported exploit, and can confirm that the exploit has been closed as of yesterday afternoon," said Amazon in a statement. This means you can no longer edit the credit card or email information for your Amazon account over the phone.
[via PC Mag]