Tuesday , December 1 2020

Customer Data Leaked Worst Amazon Black Friday Deal




<div _ngcontent-c14 = "" innerhtml = "

It's not the Black Friday e-mail I've been waiting for from Amazon.Davey Sarıcı

Amazon confirmed that customer names and e-mail addresses were announced on Black Friday week data leak. The online retail giant wasn't hacked, there was no violation and there was no apology. The technical customers (including me) & # 39; technical error & # 39; There was an email stating that it was. This can be done by using the names and email addresses' accidentally & # 39; was the explanation. Oh well, then no problem. Not.

An e-mail from Amazon came in the middle of a train between London and Leeds. It wasn't an e-mail I wanted to read. & # 39; Important information about your Amazon.com account & # 39; the topic was not good and the message itself confirmed my suspicions.

"Hi, we're contacting you to let us know that our website has inadvertently revealed your name and email address due to a technical error. The problem is fixed.

It is, short and not sweet at all. There's absolutely no information about how this happened, and there's absolutely no apology from leaking out my name and my e-mail address. As in Amazon's official press release: "We've fixed the issue and informed customers who may be affected," he said before adding, "Amazon takes all security-related issues very seriously, and your account security is our top priority for us. Our policies and security to ensure that your information is safe We have measures. "

It's not safe enough, it seems. The Amazon press office in the UK, even if it insists again Inquiry with registrationThis is not a violation in the sense of "hacking", but rather a "careless technical error", still worried that the size and profile of Amazon could allow an organization to infiltrate.

While this is not seen as a violation of an attack on customer data held in Amazon, these semantics are cold comfort for people who have leaked information. "This seems to be a careless programming error that makes some details of Amazon's profiles clear to people at random." The CEO of the web security company High-Tech Bridge told me in an email to water and founder Ilia Kolochenko. "The weakness of Amazon has shown that the development and IT Operations teams need to pay more attention to the structural quality of the software," said Lev Lesokhin, vice president of strategy at the software intelligence outfit CAST.

Of course, things could have been worse. If it is not found to be exposed to any other data regardless of the problem in Amazon, it means that only the names and e-mail addresses have been revealed, the data has a limited value to the criminal classes. Security provider CensorNet's CTO doesn't have the same value as Richard Walters. "Cyber ​​criminals can do a lot of damage with a broad name and email database," Walters says. "The biggest risk is brute-force attacks – criminals use an email address and common password combinations to try to get into other personal accounts." If the Amazon customer uses the same login information on other sites and services, it can only be a matter of joining points to allow an attacker to access a profitable resource.

This applies in particular: Retail fraud attempts are expected to increase by 14% on Black Friday's Cyber ​​Monday weekend. Research payment provider by ACI Worldwide.

">

It's not the Black Friday e-mail I've been waiting for from Amazon.Davey Sarıcı

Amazon confirmed that customer names and e-mail addresses were announced on Black Friday week data leak. The online retail giant wasn't hacked, there was no violation and there was no apology. The technical customers (including me) & # 39; technical error & # 39; There was an email stating that it was. This can be done by using the names and email addresses' accidentally & # 39; was the explanation. Oh well, then no problem. Not.

An e-mail from Amazon came in the middle of a train between London and Leeds. It wasn't an e-mail I wanted to read. & # 39; Important information about your Amazon.com account & # 39; the topic was not good and the message itself confirmed my suspicions.

"Hello, we're contacting you to let us know that our website inadvertently disclose your name and email address due to a technical error.

It is, short and not sweet at all. There's absolutely no information about how this happened, and there's absolutely no apology from leaking out my name and my e-mail address. As in Amazon's official press release: "We've fixed the problem and added it before informing affected customers," he added. "Amazon takes all security-related issues very seriously, and your account security is our priority. We have policies and security measures to keep your personal information safe."

It's not safe enough, it seems. While the Amazon press office in the UK insists on the repeated questioning by The Register, it is not a violation in the sense of ında a hack “but a; technical error sonra, but it worries that a company will have a dimension and a profile. Amazon could have allowed the leak to occur.

While this is not seen as a violation of an attack on customer data held in Amazon, these semantics are cold comfort for people who have leaked information. "This seems to be a careless programming error that makes some details of Amazon's profiles random to people," Ilia Kolochenko, CEO, and the founder of the web security company High-Tech Bridge told me in an e-mail. "The weakness of the Amazon has shown that the development and IT Operations teams need to pay more attention to the software structural quality," said Lev Lesokhin, vice president of strategy at the software intelligence outfit CAST.

Of course, things could have been worse. If it is not found to be exposed to any other data regardless of the problem in Amazon, it means that only the names and e-mail addresses have been revealed, the data has a limited value to the criminal classes. Security provider CensorNet's CTO doesn't have the same value as Richard Walters. "Cyber ​​criminals can inflict too much damage on a large database of names and emails," said Walters, "The biggest risk is brute-force attacks – criminals are trying to enter a leaked email address and other personal accounts using common password combinations." If the customer uses the same login information on other sites and services, it can only be a matter of joining points for an attacker to gain a lucrative resource.

This is expected to increase, especially at present, when retail fraud attempts are made by Black Friday's ACI Worldwide, a 14% payout provider on the Cyber ​​Monday weekend.


Source link