Tuesday, April 05, 2022

Amazon Hacked?

Ticker has more experience with computers and internet systems.........well.......lots.  He started, ran, and sold an early ISP in Chicago; he's been there, done that, got the tee-shirt. This guy knows what he's talking about.

Last morning I woke up to an attempted sign-on alert from somewhere using a password on Amazon from a place I wasn't.  It was blocked.

The password in question is extremely strong, entirely random and thus impossible to guess -- and has never been used any other place.  The only place it is stored is on a 2-factor multi-segment key password safe, so even stealing the container file is useless without the second key path. ...

Skipping ahead....

...In addition a credit card stored on Amazon was attempted to be used for a not-in-person (e.g. Internet) transaction a few days ago.  The issuer blocked it, notified me and, when I contacted them immediately replaced the card, of course....

...But then the attempted access with a well-secured and random, never used elsewhere password happened early Monday morning....

 

Ruh Roh.....

 ...My operating presumption at this point is that the exact sort of risk I previously warned of a few years back, that of a hypervisor or other back-end hack that allows interception of data streams is involved.  It almost has to be since any site with more than 2 cents worth of intelligence in their coding team uses one-way hashes to store passwords and thus it is not possible to obtain a stored password...

... Stored credit cards obviously cannot be protected with a one-way hash since you need to present them to the card network when a purchase is made.  That both compromises occurred in the same place within a few days of each other, the CVV was present on the credit card attempt and the credit card number is not on any of my devices, say much less the CVV but both are on Amazon is extremely strong evidence that the compromise occurred on the other end, both compromises were of one source and the event involved a tap/siphon attack on the destination host after TLS (https) decryption had taken place along with theft of the stored credit card number and CVV code -- which may well implicate theft of encryption keying on their end....

So what's the good news?

None.

...These sort of attacks are impossible for you, as an individual, to defend against as they do not occur on your device or on the Internet as a whole; the entire responsibility and defense against same rests with the organization you are connecting to on the other end.

I posted what had happened in the private area on my forum and another user confirmed that an unauthorized charge was made outside the US on their Amazon account, which once again would not be possible without some sort of hackery -- and it too occurred within the last couple of weeks.

Two isn't proof but its damned suspicious.

If you use Amazon check your credit card billing records very carefully for any card you have stored there.

I could be wrong about exactly where and thus how this occurred -- but I very much doubt it....

Oh, goodie.

No comments:

Post a Comment