PSA: Amazon’s Appalling Lack of Security

If you are an Amazon user, please take head. Amazon has an appalling lack of security that I’m pretty sure many users are completely unaware of. I know I was and I tend to be on the cautious side when I do anything online, let alone shop.

While I’m still in the middle of trying to get my issue straightened out and I don’t have all the facts yet, I can do some pretty obvious inference into what happened. No matter the facts of how or why, my account didn’t just get hacked, it got full on hijacked.

Yesterday, I got a notification that my password had been successfully changed, a change I at no time requested. I go to Amazon to log in to see what is going on and it says there is no account under that email address. It’s as if that account simply no longer exists when just hours earlier I had no problems getting in and getting a book.

I call customer service and it takes a while, but they finally determine that the email address for my account has been changed. Again, something I did not do. The issue has to be escalated to another level, but I don’t get a resolution. I have to wait for someone to call me back. In the meantime, I have credit cards tied to this account. I’ve been assured that the account is currently locked, but that does not relieve me in any way, shape, or form. Someone pretty much stole my Amazon account out from under me and I have no clue how. I am still waiting on a call back, but I have no access to anything. No Unlimited. No ability to track several packages I was expecting. No way to go in and remove those cards from the account or any of my other personal information like my address.

I am almost certain that I know what happened, but I can’t confirm any of it. About a month ago, I ordered a shirt that was listed as a Prime item. I got it, like pretty much every single other thing I’ve ever gotten. I have been an Amazon Kindle Unlimited and Prime customer for YEARS and have not one single time ever had a issue with anything, so when that shirt came and I loved it and decided to get another one in a different color, I didn’t think twice about the change from Prime to not with the color change. That was my first mistake.

Not only was the different colored item not Prime, but it was not scheduled to arrive for over a month. I honestly thought that the item I was buying was from the vendor listed in the main listing that stocked with Amazon, but that that color/size was out of stock and needed to ship directly from the vendor. That isn’t what happened. I got switched to an entirely different vendor, but there was nothing in this process that made that obvious. I didn’t realize there was any issue until weeks later when I went to track the item only to find out that there wasn’t any tracking information provided. When the shirt never showed up, I contacted Amazon and was told that I wasn’t eligible for a refund as this was purchased by an outside vendor and I needed to deal with them directly.

When I went to leave a nasty review, I saw that this particular vendor had a single star rating, not the 4+ that was on the original listing. EVERY single review was about never receiving the merchandise. I’m pretty damn certain that if Amazon allowed it, that one star wouldn’t even exist, the reviews were so bad.

As far as I’m concerned, this is a classic bait and switch on Amazon’s part. Should I have paid closer attention to the actual vendor when I went to check out? Yes. Absolutely. But I had NO idea that this was something that Amazon did, switching vendors under a single listing like that, so I didn’t know that it was something I needed to watch for. Again, I’ve been a customer for years and not once have I run into an issue like this.

One of the massive problems with this situation is that the item in question actually has it noted in the top level of their description that the item is only authorized to be sold by a single vendor, that any other vendors selling it are doing so without authorization, yet Amazon allowed this vendor to list and sell this item. Essentially, allowing, at best, unethical practices if not out and out fraud. When I confronted them about this vendor, which I absolutely did, I was told that they watch vendors closely and take action when there are issues, but there had been these negative reviews going back well over a year and they were, quite obviously, still allowed to be a vendor.

Now, just over 10 days later after I submit my complaint against that vendor, I have someone manage to get into my account. Sure, it very well may just be a coincidence, but that would be one hell of one.

After dealing with this last night, Hubby did some checking and apparently Amazon doesn’t have any real security when it comes to your account. If someone has the most basic information like the email address used and the home address, all information provided to vendors when you buy something, they can get into your account with a single phone call. There is no verification process AT ALL. When I called, I was able to find out that the email address had changed and get the account locked down simply by providing them with an order number of something I’d purchased. Again, something a vendor would most likely have access to.

His research showed that there ARE ways to set up a dual authentication on your account for logging in, but that isn’t a standard thing. It is something you have to go into your account to set up yourself. That also doesn’t negate the ease of which someone can get to your account through customer service via phone.

It is truly terrifying to see how insanely easy it was for this to happen, and that I’m not the only one to have it happen to. It is so stupidly easy for a vendor that got ticked about a review to utterly destroy your account. I have no clue what has been done in the time mine was out of my control. We did check Hubby’s account and the credit card numbers are masked, so that can’t be stolen, but… YEARS of history and information are in that account. Do you know how many books I have through that?

I feel violated and ragingly pissed off. I’m already pushing two hours past the time I was told I would hear from someone and I’ve yet to get a call.

 

Author: TJ Fox

I am a slightly sane artist, amateur photographer, book addict, wife, mom and raging introvert. I have more hobbies than I can count, so it is beyond shocking that I manage to find time to do any of them, let alone most of them and still have time to do anything else. Of all the talents I claim, writing wasn’t one of them until my muse dropped the idea for a book on my head.

3 thoughts on “PSA: Amazon’s Appalling Lack of Security”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.