Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Amazon will no longer allow people to change credit card and email addresses for customers' accounts over the telephone, after a devastating hack on a journalist last week.
Wired reported that Amazon had quietly changed its policy on Monday.
Before the change, people could change account details as long as they were able to identify themselves by name, email address and mailing address.
Those pieces of information are easily found online, and were used by two hackers to gain access and take control of reporter Mat Honan's Amazon account through a simple phone call.
Once the Amazon account had been compromised and hackers knew the last four digits of his credit card number, they were able to trick Apple's customer service into believing they were dealing with Honan himself.
In the ensuing hack, the attackers remotely wiped Honan's laptop, iPad and iPhone, losing irreplacable data. His Twitter account was also compromised, along with a number of email accounts.
"In the space of an hour, my entire digital life was destroyed," Honan said in the aftermath of the attack.
According to Honan's account of the hack, those involved in the attack had purely used social engineering techniques — convincing people to hand over key information — rather than any technical hacks.
Honan and Wired were able to replicate the steps leading to the hack up until Tuesday, when Amazon closed the security hole without announcement.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.
