How Apple and Amazon Security Flaws Led To Mat Honan's Identity Theft
An anonymous reader writes "The story behind the hacking of Mat Honan's multiple accounts has been revealed and points to massive failures in how Amazon and Apple handle password recovery. Accounts for both sites can be easily accessed with simple-to-find, publicly available information. If you ask me, both companies should be liable for violating privacy laws."
I would argue that the biggest benefit of using free services (like GMail) is they offer no or crap phone support! Thus making it very difficult for a hacker to social engineer their way into your account.
This is a very good article, every /. nerd worth his honors should read it. It's pushed my paranoia levels almost up to normal again. That alone was worth the time. I've been dragging out that backup HDD for my MB Air far too long and will now change that.
I'm also going to solidly review my online presence and accounts, and how they could be linked. And fix any problems that pop up.
Bottom line: Read the article, it's a healthy wake-up call and if you're like me, you need that once in a while.
My 2 cents.
We suffer more in our imagination than in reality. - Seneca
At first I was aghast at how they could implicate Amazon for revealing the last 4 digits of your card, when they appear in every transaction receipt printed etc.
However, after reading TFA it is obvious that Amazon has a serious security flaw as well that they need to address. It seems that you can call Amazon support knowing only the name, email and billing address of a person and you can add a bogus credit card number to their file. Then you call back and tell them you can't access your account and they will let you add a new email address to reset your password and you use the credit card number you had just added as verification of your identity!
True, Amazon showing the last 4 digits of your CCs on your account is not a problem, but giving access to your account to a person armed only with knowledge of your name, address and email is a serious flaw.
The summary and even the article don't make it that clear what the problem is with Amazon, you have to read through TFA.
Violence is the last refuge of the incompetent. Polar Scope Align for iOS
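The two-call sequence described in the comment above, replayed against a flawed and a hardened support-desk check. This is an added example, not part of the thread and not Amazon's actual process; every name, the 30-day threshold and the card numbers are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

MIN_FACTOR_AGE = timedelta(days=30)  # assumed policy value, not from the article

@dataclass
class Card:
    number: str
    added_at: datetime
    added_in_authenticated_session: bool  # False = added by phone support

@dataclass
class Account:
    email: str
    cards: list = field(default_factory=list)

def naive_verify(account, card_number, now):
    """Flawed check from the comment: any card on file proves identity."""
    return any(c.number == card_number for c in account.cards)

def hardened_verify(account, card_number, now):
    """Count only cards added by a logged-in user and on file long enough."""
    return any(
        c.number == card_number
        and c.added_in_authenticated_session
        and now - c.added_at >= MIN_FACTOR_AGE
        for c in account.cards
    )

def replay(verify, offered_card):
    """Replay both support calls on a constructed account; return call 2's outcome."""
    t0 = datetime(2012, 8, 1, 12, 0)
    acct = Account("owner@example.com", [
        Card("4111111111111111", t0 - timedelta(days=400), True),  # owner's card
    ])
    # Call 1: caller supplies name, email and billing address; a card is added.
    acct.cards.append(Card("4000000000000002", t0, False))
    # Call 2: a card number is offered as proof of identity ten minutes later.
    return verify(acct, offered_card, t0 + timedelta(minutes=10))

if __name__ == "__main__":
    for check in (naive_verify, hardened_verify):
        print(check.__name__,
              "| card added by phone:", replay(check, "4000000000000002"),
              "| owner's old card:", replay(check, "4111111111111111"))
```

The hardened check treats a verification factor as usable only if it was established through an authenticated channel and has aged, so a factor added during the same unauthenticated contact cannot vouch for the caller.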