Amazon has indicated it will no longer account information will change users who telephone to ask. The new policy comes after a social-engineeringaanval, where accounts of a journalist were cracked.
Wired discovered that Amazon are the privacy policy has adapted, making it no longer possible to by phone to make adaptations to a user account. That means that users will no longer be able to call to, for example, an e-mail address, or to edit a card to add to the payment. Amazon has the changes in the terms not announced, but was still to Wired to know that the new conditions wed night into effect.
Although Amazon itself is not a clear statement concerning the changes, it is likely that it has something to do with the social-engineering hack, which this week came in the news. This showed that a ‘hacker’, who has several accounts of Wired journalist Mat Honan did, the phone customer service from Amazon used to ensure sufficient data for the attack. This gave the attacker access to the iCloud account Honan, after which he remote the data of Honans iPhone, iPad and Macbook Air deleted.
To get access to the Amazon account, he called the customer service and supposedly a credit card to his account to add. Then he called again, stating that his login was forgotten. To access the account from Honan to get, he had to include the last four digits of the account linked credit card to the helpdesk, thus making the hacker the numbers of the by himself added a debit card could deliver.
Then he was of the customer service access to the account, in which he, among others, the last four digits of Honans ‘real’ credit card could see. These data were then used for the telephone customer service of Apple to the garden lead, to thus gain access to the iCloud account.
In addition to having access to the iCloud and Amazon account, the attacker can also access the Gmail-account from Honan, as his Twitter account. The hack raised concerns about the way in which companies grant users access to accounts if they call the helpdesk, something Amazon now has responded by telephone to customize account information to make it impossible. Apple seems to be still no changes have been made.