Amazon no longer allows you to change account information over the phone, after Wired reporter Mat Honan shared his story of how weak security in Apple and Amazon led to a major hack on his digital life this week.
Wired discovered this after trying to recreate Honan’s hack.
Honan’s Amazon, Twitter, Gmail, and iCloud accounts were broken into over the weekend by a hacker who goes by the name of “Phobia.” It all started when Phobia was able to trick Amazon customer service into believing that he was Honan. The company has since seemingly told its customer service department that information can no longer be added to accounts over the phone.
Amazon allows you to add a credit card number or a new email address to an account if you are able to supply the account holder’s name, a billing address, and an email address on file. These three pieces of information are easily accessible, including the billing address, which Phobia discovered through a “Who Is” look-up of one of Honan’s websites.
Phobia was able to add a credit card to the account, which he then used as a piece of identification when he called Amazon back, pretending to have lost access to Honan’s account. After gaining access to the account, Phobia used information from Amazon to get into his iCloud account, wipe his devices, delete his Gmail account, and hijack his and Gizmodo’s Twitter accounts.
The power of linking your accounts.