Amazon Says It Closed Its Glaring Authentication Hack Exploit

Illustration for article titled Amazon Says It Closed Its Glaring Authentication Hack Exploit

Ty Rogers of Amazon PR has reportedly confirmed that the hole in Amazon's authentication process that allowed Mat Honan to be hacked has been closed, "effective yesterday."


The Amazon exploit had ben somewhat undersold, even in the Wired piece that explained the process. Most of the focus had been that the last four digits of an account were made available with the exploit. That's true, but the rest of the account was as well, meaning a hacker could wipe out every credit card you had. It could not send the items to a new address—that would require the full account number, but for someone who just wanted to wreak havoc, it would be disastrous.


Wired is reporting that part of Amazon's fix is to not add credit cards via phone call, since that was the original point of entry.

We're reaching out for more information, but for now, this is very good news. [Twitter]

Share This Story

Get our newsletter


Does anyone have thoughts on a better way for Apple to have verified ownership?