Security Weakness in Amazon’s Customer Service Highlighted by the Hack

Amazon is one of US’s biggest online retail stores and customers expect it to provide top class safety standards. But sadly, the online security that Amazon has, both as a site and for users, is not up to the mark. In fact, the lack of adequate security can escalate into a potentially fatal issue with time. Synapse Studios, a web development company, was responsible for discovering the flaw in the online retail giant’s site. Chris Cardinal, the managing partner of the firm, reported this flaw. He also added that the flaw is causing more damage to the site than it is causing to the consumers.

Security Weakness in Amazon’s Customer Service

 

Mr. Cardinal Quoted His Own Experience as Proof of Flaws

Synapse Studios’ Chris Cardinal said that his own personal experience was proof for how bad the security is on Amazon’s site. He said that the flaws were in the authentication protocols that the site had. Over time, people had adapted to these flaws and had not exactly noticed it. But hackers have gotten smart over the past few months and they managed to take advantage of these flaws in Amazon’s online system. He reported his experience on a periodical called the HTMList.

Chris Cardinal’s Experience

Mr. Cardinal had ordered a few products on Amazon.com and had also got the delivery of the products. But he said that scammers took advantage of his order history, name and address and made the company deliver replacement products to an alternate address. The scammers contacted the company and registered an alternate address. They made Amazon.com send replacement products even through Mr. Cardinal had signed for the products and received them. After this mess up, the customer service agency of Amazon called up Mr. Cardinal and started reporting problems about the order that he had received ages ago.

Incompetent Customer Service Representatives

After Cardinal got the email receipt for a replacement of the product, he tried calling the customer service of Amazon.com to fix the issue. Unfortunately for him, none of the customer service representatives that he got in touch with were able to solve the issue. Cardinal reported that it was the incompetence on the part of CSRs that caused this problem. He said that it was a simple matter of organizing everything on a universal basis, be it the order number or the account from which the product was ordered.

Child’s Play to Get Free Products

Cardinal said that the CSR’s incompetence could be laid bare, with only a couple of authoritative enquiries and a few data points. He said that all a hacker wanted to take advantage of the flaws in Amazon’s security system is the order number, the date, name, and email ID. That much data was sufficient for making the company send free products to alternate addresses. But he added that this cannot be done on a regular basis and probably can be accomplished once a year. That opportunity was sufficient, especially in high volume and high value orders.

This Social Engineering Technique is Old School

According to security experts from WhiteHat, this is not a new technique. The experts said that usage of anonymous accounts is an old school scamming method. The only difference with the hackers of this generation is that they used anonymous social media accounts and other latest social engineering platforms to run scams.

Coming back to the Amazon.com issue, the experts were of the opinion that the company is not taking this issue seriously because the difference in profits is very negligible to the company. With the billions of dollars of business they do, this is something that the company can afford to overlook.