clock menu more-arrow no yes mobile

Filed under:

Amazon fixes security flaw, will no longer accept over-the-phone account changes

New, 39 comments

Amazon has closed the telephone security vulnerability that allowed hackers with a name, email, and mailing address to break into one user's account.

Amazon box (STOCK)
Amazon box (STOCK)

Following Mat Honan's online security fiasco last week, Amazon told its customer service employees that it would no longer accept account changes over the phone, according to Wired. Hackers gained access to Honan's Amazon account with a quick phone call to the company's customer support staff, ultimately leading to a complete wipe of his iPhone, iPad, and MacBook. All the hackers needed was a mailing address, full name, and email address — each being easily discovered with some clever online searching — to get Amazon customer service to let them change email addresses and reset the account password. Once inside, the hackers had all the personal information they needed to cascade through other online services. Amazon's speedy response lends to the seriousness of the issue, and we're sure other online companies are giving their security policies a hard look right about now.