Crook exploited security hole, hijacked punter's bank cards
A fraudster exploited a bizarre weakness in Amazon's handling of customer devices to hijack a netizen's account and go on multiple spending sprees with their bank cards, we're told.
If you have weird fraudulent activity on your Amazon account, this may be why.
In short, it is possible to add a non-Amazon device to your Amazon customer account and it won't show up in the list of gadgets associated with the profile. This device can quietly use the account even if the password is changed, or two-factor authentication is enabled.
Thus if someone can get into your account, and add their own gizmo to your profile, they can potentially persistently retain this access and continue ordering stuff using your payment cards, even if you seemingly remove all devices from your account, and change ..
Support the originator by clicking the read the rest link below.
