An Amazon customer says the company’s customer service reps divulged his information to a hacker who was able to use that data to trick his bank into issuing a new copy of his credit card.
Tech publications are running wild with the story, which the customer posted on Medium.com – possibly in part because he was a software developer who said he followed best practices such as using unique passwords, two-factor authentication, and a secure computer.
The hacker allegedly employed “social engineering” to trick Amazon employees (it happened more than once). Engadget wrote, “Rather than attacking computers, a ‘social engineering’ hack goes after the most fallible element in a system: its operators. Let’s say, for instance, that you know the birthday, postal and email addresses of someone you really, really hate. You could use this information to contact a service provider that they use and pretend to be them, explaining away any missing data by saying you’d been knocked on the head. If the customer services agent believes your story, then they’d give you further pieces of information or, in the worst case, let you avoid standard security procedures altogether.”
Amazon didn’t respond to an inquiry from Engadget, which pointed to another alleged incident involving the retailer – “journalist Mat Honan lost access to his Amazon account after attackers impersonated him in 2012.”
Mediocre co-founder Dave Rutledge, formerly of Woot (which Amazon acquired), posted a comment on the Medium post saying he had experienced a similar situation, as did other commenters.
Nevertheless, the story is unusual – not because Amazon is immune from bad press, but because it questions Amazon’s ability to keep customer data safe.
You can read the full post and comments on Medium.