Recent Posts

Pages: [1] 2 3 ... 10
1
Entertainment & Technology / Re: Amazon Account issues
« Last post by Clock'd 0Ne on January 17, 2022, 09:25:02 AM »
All of the two step auth still has to go via some kind of frontend and I'd imagine the APIs behind the scenes can be used in such a way to bypass this, there is clearly a loophole and it is simply a frontend illusion of greater security. Someone hitting the APIs directly probably has an authentication workaround. I had the same thing a few years back with my M$ account where someone tried to login from Singapore but they were stopped. Changed my password and never had a problem since.
2
Entertainment & Technology / Re: Amazon Account issues
« Last post by neXus on January 17, 2022, 07:05:30 AM »
That's a point actually, have you ever authorised any apps with something like Amazon Pay? You should be able to check in your account if there are any third party authorisations. Once your tokens are in the wild they could be abused.

I also don't think Amazon support are dodging you, I think you are getting first line support intended for dealing with cretins, its unlikely its been escalated far enough for someone technical to investigate and as such they basically haven't a clue.


I do not do those either for that reason.
It is rare I have my card details saved. As a developer and you may. come across this mate with PCI Compliance. If you want your hight level security certs etc and have PCI high level Compliance they do not want you storing card details in your system. You have a token save and com with your merchant gateway.


Amazon and like may do this but I think more often than not they are big enough not to care about that and store your card details and just encrypt it and salt it themselves with a field for last 4 digits. But if someone gets into account they cant purchase.
My MS account once I remember when I moved to NZ something happened and someone got in my GOLD was never auto renew and I would pay each year or use the gift cards and they went to buy stuff but could not check out as no card details.

Like I said, Amazon convince got me at the moment but I normally only have my pay monthly services with those.
I can not seem to get past first line support, its probably something they are aware off and the process for this support is telling them to do this.
I have had no further issues or attempts to access (I wish Amazon notified you a bit more like other systems) But considering I also seem to got more spam I think what ever they do with 3rd party order I think a bit too much info is provided OR these simply get your email and other details, look up exposed password black market API systems, try all known passwords linked with that email they just got from placing the order But I still do not know how they got passed the two step authentication. I am still leaning on that there is a flaw in fetching details API and too much is exposed or just info crappy simple base64 encrypted or something.


APPLE is awesome in some ways I do try lean on the password generation from Apple as much as possible and two step authentication. Even just having passwords saved in apple IOS settings. That requires face ID to access so its enclaved and safe there.
3
Entertainment & Technology / Re: Amazon Account issues
« Last post by Clock'd 0Ne on January 14, 2022, 06:03:52 AM »
That's a point actually, have you ever authorised any apps with something like Amazon Pay? You should be able to check in your account if there are any third party authorisations. Once your tokens are in the wild they could be abused.

I also don't think Amazon support are dodging you, I think you are getting first line support intended for dealing with cretins, its unlikely its been escalated far enough for someone technical to investigate and as such they basically haven't a clue.
4
Entertainment & Technology / Re: Amazon Account issues
« Last post by neXus on January 14, 2022, 02:02:20 AM »
2 separate household accounts suggests something awry at your location, first thoughts are MITM or a compromised device.


Different devices. Each device does not have the details of the other.
Both Iphones through Amazon app - IOS. So I doubt compromised.
Both with Amazons two step authentication OTP so you can not log in without the code from the text.

Amazon support keep dodging me. I am still very strong (without looking) that Amazon data info send two 3rd parties about your details may be flawed or compromised. They got to send them your address details and I wonder if they are sending your whole object data. Either that or some other token that can just go into the apps that purely just attempt logins or use details to get in buy vouchers or sell details to the black sites that allow people to pay x amount to get an account to buy vouchers etc.


Amazon and eBay other than monthly services of course are the only system we have account card details saved on. My wifes is the one with PRIME so I may remove mine for manual entry.
I changed my Gmail email just in case but my main one is on office 365 and white listed devices. You can not get into my email account even if I gave you my password unless I add your device first.

5
Entertainment & Technology / Re: Amazon Account issues
« Last post by matt5cott on January 13, 2022, 23:02:32 PM »
2 separate household accounts suggests something awry at your location, first thoughts are MITM or a compromised device.
6
Entertainment & Technology / Re: Amazon Account issues
« Last post by Clock'd 0Ne on January 13, 2022, 05:38:13 AM »
Through the grapevine I have heard that AWS are being hit pretty hard lately with attacks (DoS mostly) but it's not inconceivable that a vulnerability has recently been found and you're one of the first unlucky victims.
7
Entertainment & Technology / Re: Amazon Account issues
« Last post by neXus on January 12, 2022, 23:17:45 PM »
I've never heard anything like it, it must be something to do with 3rd parties as you say as their security is generally top notch.


They sent email saying they found no activity or access outside me in an automated email. Went on the chat and said that is not right and they said they would contact again. And then got another email saying the same thing.
I am leaning to their is a flaw or security issue in their system they fully aware off and have a detection process in place for but just trying to hide it till what ever it is gets properly sorted.
8
Entertainment & Technology / Re: Amazon Account issues
« Last post by Clock'd 0Ne on January 12, 2022, 09:58:32 AM »
I've never heard anything like it, it must be something to do with 3rd parties as you say as their security is generally top notch.
9
Entertainment & Technology / Re: Amazon Account issues
« Last post by neXus on January 12, 2022, 00:41:49 AM »
Haveibeenpwned.com your email address see if anything comes up?

Its horrifying how many of my oldest accounts have been compromised now!

Sent from my SM-G998B using Tapatalk


Even if we secure its the companies getting compromised themselves which is the pain in the ass. For my main email the ones that are shown there I know of and were emailed by said companies and updated my passwords when they did their process. Some were forced. Nothing new on there and some like foodora do not even exist.
10
Entertainment & Technology / Re: Amazon Account issues
« Last post by zpyder on January 11, 2022, 23:13:06 PM »
Haveibeenpwned.com your email address see if anything comes up?

Its horrifying how many of my oldest accounts have been compromised now!

Sent from my SM-G998B using Tapatalk

Pages: [1] 2 3 ... 10