?

Log in

No account? Create an account

RETURN | GOTO

A hacker has discovered -- and, happily, disclosed -- a "blind spot" between Apple and Amazon's identity and account verification procedures:

Details are here and here.

I have to say this had never occurred to me as a way to game the system, but it's scary easy because so much information is available online (names, addresses, phone numbers, email addresses) and I'll bet can be done with other paired accounts as well. I know how many places use the last 4 digits of your credit card as verification.

Amazon claims this has since been fixed, but I have my doubts. My wallet was stolen last year and within four hours I had closed all my credit and debit cards, but the thief got my debit card turned back on via the simple route of calling my bank, pretending to be me, and telling them the card had only been lost and was now found. Wow.

It's almost enough to make you leave ze interwebz entirely. Almost, because otherwise where would I go for beta readers??

Comments

( 10 bugs reported — Report a bug )
droxy
Aug. 8th, 2012 01:50 am (UTC)
With an unlimited spokeo account anyone can find you and all your identities. I will not do financial transactions over my iphone.

Thanks for sharing!

Adding now that Apple is just as vulernable, if not more so, than windows.

Sooo glad I dont use iCloud.

Edited at 2012-08-08 02:05 am (UTC)
delphipsmith
Aug. 9th, 2012 03:30 am (UTC)
now that Apple is just as vulernable, if not more so, than windows. Yeah, we all knew that day would come, didn't we?
ennyousai
Aug. 8th, 2012 03:46 am (UTC)
And your bank did not try to verify your identity in any way? I mean, damn. o.0
delphipsmith
Aug. 9th, 2012 03:33 am (UTC)
I know, isn't that awful? I called to find out what personal info the customer service person had asked for, since if they'd asked for and gotten my SSN my problems were way bigger than just a debit card. The person I talked to said that according to their logs, they had asked for home address. Well, I pointed out, if they took my WALLET they also have my DRIVER'S LICENSE which of course has my HOME ADDRESS on it. Duh. So I complained up one side and down the other and they promised to investigate, saying that it shouldn't have happened and that once a card is reported stolen it's never supposed to be turned back on. Somehow I'm not soothed...
shiv5468
Aug. 8th, 2012 07:17 am (UTC)
Boggles.

Fortunately I don't have an apple account, and I'd hope they've learned from this lesson!
delphipsmith
Aug. 9th, 2012 03:34 am (UTC)
One hopes. One is not sanguine, however, given one's past experience with customer service. If only irishredlass had been on the line, I bet this would never have happened LOL!
madeleone
Aug. 8th, 2012 02:13 pm (UTC)
Well that's a scary thing!
delphipsmith
Aug. 9th, 2012 03:35 am (UTC)
Indeed it is. Makes me happy that I minimize my online activity and wouldn't touch Apple with a ten foot pole. Not that Amazon is any better, really, they should never have let this get through, but what can you do when your business model says you never see a person face to face, just through email and phone calls? There's not much to go on other than data, which is so much more easily falsified and stolen than your actual face...
(Deleted comment)
delphipsmith
Aug. 15th, 2012 11:47 pm (UTC)
HAHAHAHAHAAHAAAA!!!!! No, they did not. I did file a police report, which means I wasn't liable for the $700 in charges, but no, the cops never caught them. A**holes (the thieves, not the cops).
( 10 bugs reported — Report a bug )

Profile

HSU IT
delphipsmith
#!/usr/bin/girl

Latest Month

November 2017
S M T W T F S
   1234
567891011
12131415161718
19202122232425
2627282930  

Tags

Powered by LiveJournal.com
Designed by Tiffany Chow