Amazon Hack?
Posted: Fri Jun 15, 2018 12:04 am
TL;DR - My Amazon account has been hijacked.
Last week I got an e-mail from Amazon that my password had been changed. I hadn't done anything with the account in months, so I check the the e-mail header source code and it looked good. I once got a "bank" message that resolved to Argentina when I looked at the code, ha ha. At any rate, I chalked it up to the recent flurry of Update to Our Terms of Service so many sites have been sending, and forcing you to read by blocking entry, challenging logins, and such.
A couple days ago, I wanted to make a small purchase, and found my password didn't work. Surprise, surprise. So I followed the instructions, got the temporary PW from e-mail, logged in, and sorted things out. My card on file had expired (it's been a while), so I updated the card and made my purchase. What followed were another round of "Your password has changed" messages and the "Thank you for your order" stuff, with a Order Shipped the next day.
I checked my newly installed card and found the $24 purchase had been properly billed and life was good.
Until I checked the e-mail yesterday. I get to see an Amazon "Your login has been changed to (gibberish)@bk.ru"
Eeep!
Tried to login - my ID was no longer recognized. Tried the (gibberish)@bk.ru login - accepted - pass word no worky. Bleah! Quick check of card activity - nothing new. Off to the bank to cancel card, process the $24 only, and get new card.
bk.ru resolves to mail.ru by the way.
SOOOO.... Because my account had been idle for months (expired card), there was no recent activity while logged in. I doubt a Man-in-the-Middle attack had occurred, but if a script kiddie had broken into Amazon and was cruising for bad cards, they found me. Next would come baiting by changing the PW. The Privacy Update stampede helped mask this. Then comes a forced PW recovery (more scripts to eavesdrop) and catch my newly updated card. If card good then change login -- bye bye account (and card balance).
I think I lucked out by killing my card so quickly. It's a throw away I use for internet transactions anyway, but still...
Heard nothing back from Amazon so far. I may not have their correct problem reporting address.
Anybody have anything similar happen to them?
Last week I got an e-mail from Amazon that my password had been changed. I hadn't done anything with the account in months, so I check the the e-mail header source code and it looked good. I once got a "bank" message that resolved to Argentina when I looked at the code, ha ha. At any rate, I chalked it up to the recent flurry of Update to Our Terms of Service so many sites have been sending, and forcing you to read by blocking entry, challenging logins, and such.
A couple days ago, I wanted to make a small purchase, and found my password didn't work. Surprise, surprise. So I followed the instructions, got the temporary PW from e-mail, logged in, and sorted things out. My card on file had expired (it's been a while), so I updated the card and made my purchase. What followed were another round of "Your password has changed" messages and the "Thank you for your order" stuff, with a Order Shipped the next day.
I checked my newly installed card and found the $24 purchase had been properly billed and life was good.
Until I checked the e-mail yesterday. I get to see an Amazon "Your login has been changed to (gibberish)@bk.ru"
Eeep!
Tried to login - my ID was no longer recognized. Tried the (gibberish)@bk.ru login - accepted - pass word no worky. Bleah! Quick check of card activity - nothing new. Off to the bank to cancel card, process the $24 only, and get new card.
bk.ru resolves to mail.ru by the way.
SOOOO.... Because my account had been idle for months (expired card), there was no recent activity while logged in. I doubt a Man-in-the-Middle attack had occurred, but if a script kiddie had broken into Amazon and was cruising for bad cards, they found me. Next would come baiting by changing the PW. The Privacy Update stampede helped mask this. Then comes a forced PW recovery (more scripts to eavesdrop) and catch my newly updated card. If card good then change login -- bye bye account (and card balance).
I think I lucked out by killing my card so quickly. It's a throw away I use for internet transactions anyway, but still...
Heard nothing back from Amazon so far. I may not have their correct problem reporting address.
Anybody have anything similar happen to them?