Latest in Gear

Image credit:

Amazon accused of handing out its users' personal data

Attackers are believed to have tricked Amazon's customer support team into handing out sensitive information.

Eric Springer is not happy, mostly because he believes that Amazon let a nefarious type get at his account. In a blog over at Medium, Springer revealed that he was the victim of a "social engineering" hack that exposed his details to an unnamed third party. With just a rough idea of Springer's location and his email address, the attacker tricked a customer services rep to give up almost all of his personal information. The attacker was subsequently able to use this data to trick Springer's bank into sending out a copy of his credit card.

Rather than attacking computers, a "social engineering" hack goes after the most fallible element in a system: its operators. Let's say, for instance, that you know the birthday, postal and email addresses of someone you really, really hate. You could use this information to contact a service provider that they use and pretend to be them, explaining away any missing data by saying you'd been knocked on the head. If the customer services agent believes your story, then they'd give you further pieces of information or, in the worst case, let you avoid standard security procedures altogether.

Springer, understandably, vents his anger at Amazon, which he says failed to understand that he was at risk of impersonation. That failure led to his account being compromised a second time just "a couple of months" later. The attacker attempted to get the customer services agent to hand over Springer's credit card data, which, he believes, they may finally have been able to do. This isn't an isolated incident, either, since a commenter to Springer's story was able to spoof their own account with similar levels of success.

It's quite a big charge to level against the mega-retailer, and one that could do some extensive damage to its reputation. We contacted the company to learn if it had any official response to the accusations leveled toward it by Springer. Unfortunately, it has not yet responded to us at the time of publication although we are very sure that Amazon will want to be heard on this topic. Those with long memories will recall that this isn't the first time that the firm has been slammed -- journalist Mat Honan lost access to his Amazon account after attackers impersonated him in 2012.

[Image Credit: Getty]

From around the web

ear iconeye icontext filevr