Author Topic: Amazon Account issues  (Read 4983 times)

  • Offline neXus

  • Posts: 8,746
  • Hero Member
Re: Amazon Account issues
Reply #15 on: January 25, 2022, 00:43:11 AM
Long lived JWTs are the problem usually, like tokens that go unvalidated with no expiry, especially if someone hasn't encrypted the payload at all and left user identifiers, etc in there that can be exploited. You'd be surprised how many dev teams don't appreciate even the basics of security, its pretty scary. I doubt that applies so much at Amazon but no system is going to be flawless as its built by engineering teams that are not infallible.
Yes but likely even lazier and annoyingly simpler, lol.
They probably long life tokens (because you can stay signed in on your IOS app) just stored in a lazy secured or not secured at all manner and a breach due to an API flaw or something else means those tokens are obtained. So when you do a handshake because you purchased through a reseller the token match is found and they use it to access as you to purchase or sell to someone who will try to purchase with that.




0 Members and 2 Guests are viewing this topic.