Ty Rogers of Amazon PR has reportedly confirmed that the hole in Amazon’s authentication process that allowed Mat Honan to be hacked has been closed, “effective yesterday.”
https://gizmodo.com/apple-and-amazon-know-about-a-massive-hack-exploit-and-5932176
The Amazon exploit had ben somewhat undersold, even in the Wired piece that explained the process. Most of the focus had been that the last four digits of an account were made available with the exploit. That’s true, but the rest of the account was as well, meaning a hacker could wipe out every credit card you had. It could not send the items to a new address—that would require the full account number, but for someone who just wanted to wreak havoc, it would be disastrous.
Wired is reporting that part of Amazon’s fix is to not add credit cards via phone call, since that was the original point of entry.
We’re reaching out for more information, but for now, this is very good news. [Twitter]
