Cybercriminals Find a Way to Hack Amazon Accounts and Place Orders Even When Passwords Are Changed

Amazon doesn’t seem to catch a break when it comes to cybersecurity and data protection. If it’s not one thing then, it’s the other. It seems that just yesterday we talked about the latest Amazon data breach right before Black Friday. And now, we have a handful of other stories that say hackers manage to place unauthorized orders even if the account’s password was changed.

So what is the problem? How come these crooks are still able to virtually steal Amazon customers’ money, even if they employ all the main security measures? Well, apparently, the hackers are really smart, and Amazon is just too humongous for its own good.

The Mystery behind Unauthorized Orders on Amazon

It seems that it has all started with one rogue TV. Here, you might stop and reread the previous sentence. A TV? What does a TV have anything to do with cybercrime?

To tell you the truth, according to the report by The Register, a smart TV can successfully be used to place unauthorized orders without the user knowing anything about it. This happens when the fraudster’s smart device gets linked with the victim’s profile on the platform. What’s worse, Amazon might be oblivious to this, too! This means that there are obvious shortcomings in the Amazon’s security system, and if we take a deeper look into the issue, we will see that the crooks have clearly found a security loophole, and they were fast to exploit it.

While the previously mentioned report about a TV placing unauthorized orders on Amazon might seem like an isolated case, once the report was published, more readers replied, sharing their experiences. It appears that unauthorized orders by phantom devices might be a lot more frequent than it seems. The problem with such phantom devices is that they can charge the user’s account cards even if the user changes their passwords often, and they have multi-factor authentication enabled.

That is clearly worrisome because cybersecurity specialists and various service providers always repeat how important it is to renew passwords, and how those passwords need to be strong and unique. There are a lot of users out there who employ password managers to live up to these security standards. If you’re wondering what it feels like, you might want to try clicking that Try FREE 30-Day Trial Now! button on the right to see how a password manager works. But of course, employing a password manager and turning on multi-factor authentication cannot guarantee that your data is safe if the service provider leaves the system vulnerable!

Amazon Profile Blunders

While you can easily see the unauthorized orders on Amazon when you check your profile, the same cannot be said about locating the phantom devices that placed those orders. Judging from the testimonials, the problematic device cannot be seen in the usual account settings. The devices that do not appear on the list of linked gadgets are usually Android devices. According to the user reports, these devices are usually hidden in Amazon Prime settings. Hence, if you cannot see a device, you wouldn’t even think that it has anything to do with unauthorized orders.

How do these phantom devices get added to the victim’s profile in the first place? Although each case might be different, it is very likely that victims’ emails were leaked or compromised, and then the hackers just guessed the password. If users use the same email across different accounts, one compromised email address could allow criminals to access several accounts and services.

Keeping that in mind, it would be a good idea to regularly check whether your email has been leaked or not. Also, to avoid unauthorized orders on Amazon through phantom smart devices, you might want to check your Amazon Prime settings. Even if the fraudster devices do not show up in the main settings menu, they appear on the Prime Devices.

On top of that, if you see that your account is often charged for something you haven’t purchased, you must contact the Amazon customer service at once to notify them about these transactions. It is very unlikely that Amazon would do anything about it on their own because, from the system’s point of view, the purchases are legitimate as they are made through your account.

How to Protect Your Account from Unauthorized Orders

As we have already established, the security of your data depends on both: your security habits and the service provider. So, it is also up to Amazon to figure out how to display all devices properly, so that users would be able to see what’s linked to their profile. If clarity within the settings is achieved, it would be a lot easier to spot that the account has been compromised.

What’s more, let’s not forget the usual security measures that are often overlooked because they are so simple. For instance, password reuse and password strength can be linked to easy data thefts. Although using the same email address across different accounts sometimes cannot be helped, reusing the same password is a straight road to a personal data leak.

Therefore, unique and strong passwords should be employed everywhere. If the platform you are using allows you to enable multi-factor authentication, do so. That additional level of security might seem bothersome when it puts another hurdle to access your profile, but this one additional step for you translates into multiple obstacles for hackers, and if that can protect your personal information, you shouldn’t overlook it.

Finally, if you feel lost or confused about certain cybersecurity aspects, feel free to leave us a comment. We can go through your queries together, and see how we could help you.

January 13, 2020

One Comment

  • Simo:

    A me è successo. Amazon tra l'altro ha immediatamente cancellato dal mio profilo tutti gli ordini che risultavano non autorizzati, impedendomi di fatto di blocarli e richiedere un rimborso al venditore. Si sono comportati in modo molto scorretto e, pur avendo riconosciuto la violazione del mio account e pur avendo immediatamente annullato gli ordini, mi hanno comunque prelevato i soldi, costringendomi ad aprire una controversia con la banca.

Leave a Reply