Chat > Entertainment & Technology
Amazon Account issues
Clock'd 0Ne:
Through the grapevine I have heard that AWS are being hit pretty hard lately with attacks (DoS mostly) but it's not inconceivable that a vulnerability has recently been found and you're one of the first unlucky victims.
matt5cott:
2 separate household accounts suggests something awry at your location, first thoughts are MITM or a compromised device.
neXus:
--- Quote from: matt5cott on January 13, 2022, 23:02:32 PM ---2 separate household accounts suggests something awry at your location, first thoughts are MITM or a compromised device.
--- End quote ---
Different devices. Each device does not have the details of the other.
Both Iphones through Amazon app - IOS. So I doubt compromised.
Both with Amazons two step authentication OTP so you can not log in without the code from the text.
Amazon support keep dodging me. I am still very strong (without looking) that Amazon data info send two 3rd parties about your details may be flawed or compromised. They got to send them your address details and I wonder if they are sending your whole object data. Either that or some other token that can just go into the apps that purely just attempt logins or use details to get in buy vouchers or sell details to the black sites that allow people to pay x amount to get an account to buy vouchers etc.
Amazon and eBay other than monthly services of course are the only system we have account card details saved on. My wifes is the one with PRIME so I may remove mine for manual entry.
I changed my Gmail email just in case but my main one is on office 365 and white listed devices. You can not get into my email account even if I gave you my password unless I add your device first.
Clock'd 0Ne:
That's a point actually, have you ever authorised any apps with something like Amazon Pay? You should be able to check in your account if there are any third party authorisations. Once your tokens are in the wild they could be abused.
I also don't think Amazon support are dodging you, I think you are getting first line support intended for dealing with cretins, its unlikely its been escalated far enough for someone technical to investigate and as such they basically haven't a clue.
neXus:
--- Quote from: Clock'd 0Ne on January 14, 2022, 06:03:52 AM ---That's a point actually, have you ever authorised any apps with something like Amazon Pay? You should be able to check in your account if there are any third party authorisations. Once your tokens are in the wild they could be abused.
I also don't think Amazon support are dodging you, I think you are getting first line support intended for dealing with cretins, its unlikely its been escalated far enough for someone technical to investigate and as such they basically haven't a clue.
--- End quote ---
I do not do those either for that reason.
It is rare I have my card details saved. As a developer and you may. come across this mate with PCI Compliance. If you want your hight level security certs etc and have PCI high level Compliance they do not want you storing card details in your system. You have a token save and com with your merchant gateway.
Amazon and like may do this but I think more often than not they are big enough not to care about that and store your card details and just encrypt it and salt it themselves with a field for last 4 digits. But if someone gets into account they cant purchase.
My MS account once I remember when I moved to NZ something happened and someone got in my GOLD was never auto renew and I would pay each year or use the gift cards and they went to buy stuff but could not check out as no card details.
Like I said, Amazon convince got me at the moment but I normally only have my pay monthly services with those.
I can not seem to get past first line support, its probably something they are aware off and the process for this support is telling them to do this.
I have had no further issues or attempts to access (I wish Amazon notified you a bit more like other systems) But considering I also seem to got more spam I think what ever they do with 3rd party order I think a bit too much info is provided OR these simply get your email and other details, look up exposed password black market API systems, try all known passwords linked with that email they just got from placing the order But I still do not know how they got passed the two step authentication. I am still leaning on that there is a flaw in fetching details API and too much is exposed or just info crappy simple base64 encrypted or something.
APPLE is awesome in some ways I do try lean on the password generation from Apple as much as possible and two step authentication. Even just having passwords saved in apple IOS settings. That requires face ID to access so its enclaved and safe there.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version