November 27, 2023 - There are approximately 200 million Amazon Prime customers. The membership fees alone for those people should account for around $2.7 billion annually to the company. So you might think that when one of those customers’ accounts gets hacked into, the company would be able to quickly correct the issue. But you’d be wrong. Trust me on that.
On the morning after Thanksgiving I found myself locked out of my Amazon account. It turned out that the account had been hacked and someone had changed the email address and password associated with it and made some fraudulent purchases. So I called Amazon customer service and after about an hour on the phone I was able to get the issue corrected. The agent suggested that I might want to start using two-step verification to prevent further hacking attempts.
NOTE: In case you aren’t familiar with two-step verification, once you set it up you either receive a text message with a one-time password each time you log into your account, or you can use an authenticator app on your phone to confirm your login.
So once I was able to log in again, I set that up. I also added my phone number to the account to make recovery easier. Problem solved, right? Well, not so much.
Saturday morning I grabbed a cup of coffee and sat down at my computer to get a little work done. When I opened up my email, the first message I saw was from Amazon. It had been sent out at 11:05 PM the prior evening informing me that the email address and password associated with my account had been changed again. And once again I was locked out of my account. So I was back on the phone with Amazon customer service.
On this new call, the Amazon rep told me that hackers can easily bypass two-step verification. He’s the first person I’ve ever talked to with that claim, but if true, I don’t understand its purpose. But that’s another story. While on this new call, I changed my email and my password... again!... and tried to log back into my account. But two-step verification was keeping me locked out. So my case was escalated and I had to jump through some additional hoops by uploading a copy of a government-issued ID to the company. I was told to wait 24 to 48 hours but that I’d receive a message when two-step recovery was removed from the account.
That message came in last night. So this morning I tried to log in again, only to find out that I was still locked out of the account. And once again, the culprit was two-step recovery. So I found myself back on the phone with customer service again, and having to repeat the same process all over. Now I have another 24 to 48 hours to wait for what will hopefully be a resolution. And that’s after escalating the issue again.
While this may all sound like I’m writing a complaint letter, that’s actually not the case. This entire experience has taught me a lot about the downsides of using a platform like Amazon Alexa for smart home devices, and it has destroyed any conception that I may have had that Amazon or companies like it take security seriously.
My entire home is set up on Amazon Alexa. I have two of their hubs in my house. I have lights, plugs and televisions that rely on Alexa. And right about now I’m locked out of all of them.
With regard to account security, you would think when I called in to inform them that the account had been hacked, they would have asked me some security questions that only I would know the answers to. That wasn’t the case. In the first call I made, the security questions consisted of things like, “what are the last four digits of the credit card you use on your account?” and “name three things that you’ve ordered in the past three months.” After I was able to log back into the account (after the first call), it occurred to me that anyone with access to the account would also have access to the order history. And I found out by looking at the account page that the last four digits of my credit card were clearly visible to anyone with account access as well. When I called into them again today, they didn’t ask me any security questions at all, yet the discussion included some very detailed account information. Maybe they should be asking things like, “What’s your father’s middle name?”
As a result of all of this I’m going to have to reconsider committing to any one technology for smart home convenience. Being locked out of those devices is anything but convenient. And I’m also going to reconsider using two-step verification... at least through an authenticator application.
I’m also going to have to consider how to protect any data that has been saved to my Amazon account. I still don’t quite know how someone gained access to it. The email address that was attached to the account was only used on Amazon, as was the password – which was strong. And even that didn’t protect me. And so once I gain access to the account again, I really need to look at what information is stored there and what should be deleted.
Truthfully, I guess I was just lucky to catch the issue early. That probably prevented a lot of additional fraud.