After very public realizations that their policies were flawed, both Apple and Amazon have changed those policies that allowed members to change and update their account information – such as credit card numbers and phone numbers – over the telephone. The problem was brought to light when hackers were able to gain access to a journalist’s online accounts. The hackers were able to hack the accounts within minutes of getting a customer service rep on the phone.
Unfortunately, along with the financial details that were easily accessed, one journalist had all of his digital files – his music, films and other things we typically keep in our “cloud” – were annihilated in one fell swoop; or more specifically, simply convincing the customer service team that the hacker was indeed the writer he was fraudulently representing. These attacks serve as proof that it doesn’t always have to be a technical mind with years of coding experience.
Both Apple and Amazon – and other wise companies who didn’t want to become an example in the media – immediately moved forward to fix the flaws.
For now, Apple announced it would no longer allow its customers to reset their Apple IDs over the phone. The company encourages customers to make those changes through the iForgot system. It’s believed this move will be temporary until it can better train its representatives. A representative for the company said there’s no specific timeframe for how long that “temporary” policy will be in place. When Apple restores the ability to call in for password resets, she said, users will have to provide “stronger” proof that they are who they say they are. She would not comment on specifics but it’s not likely financial information, such as credit card changes, will be as easily changed or modified in the future.
For its part, Amazon says the exploit had been closed since Monday, the same day the story broke. Unfortunately, it’s not commenting or providing any answers. For our part, we tested the Amazon policies via its chat features and were able to change the recipient of a gift card with no proof of who we were nor were we asked for an order number or other information that would verify the representative was indeed speaking to the purchaser. Our member was required to input credit card information before the transaction was allowed to move forward, but this was prior to the chat. It’s believed Amazon’s customer service reps will no longer change account settings like credit cards or email addresses by phone.
Unfortunately, for those who have been victimized, they’ve lost far more than their favorite playlists or music files. One writer lost photos of his daughter across the board – his iPhone, iPad and MacBook. The hackers didn’t stop there – they also deleted his Fortune 500 account and then began posting vulgar messages via his Twitter account.
So does this mean we shouldn’t link our “online lives” together? Whether or not we should or shouldn’t, it’s impossible not to. Facebook, Amazon, our bank accounts, debit and credit cards – if you shop online, if you pay bills online, if you send Amazon gift cards – it’s all linked and it really is as simple as that. Still, and as the victim took responsibility for not backing his data up and chaining his accounts, he reiterates Apple, Amazon and all other online merchants should have better systems in place that aren’t so easily “gamed”. He wrote on his blog that the problem is “endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices”. We agree.
- FTC Warns of Prepaid Card Scams – May 23, 2013