After the recent Holiday seasons Target.Com user accounts compromise issue, Amazon has also recommended a couple of security measures to its loyal customers. If you have not changed your Amazon.Com account password in a while, now may be the time to do so. It is never too late to add an extra level of protection to anything that lies on the internet.
For instance, you can use a random password generator program to create a strong password. Copy and paste it into the “Enter New Password” field in your Amazon.Com account. Do bear in mind that random passwords are a combination of letters, symbols and numbers; you will have to save this password somewhere close by either in your computer, or in written form in a diary.
In case you didn’t know, Amazon’s old passwords were not case sensitive. Anyone who wanted to guess the password only had to keep on entering the guess phrases. The task seems a little bit impossible for newbie hackers, but someone who already knows you, can easily guess your password. All they need is a close observation of your habits, likes, dislikes and way you act on the internet.
This recent security flaw was made public by Reddit users. Do bear this fact in mind that Reddit just discovered it a few days ago, the degree of damage that brute force hackers have incurred against very old Amazon user accounts is still not known.
Another form of Amazon.Com account hacking which recently came into limelight was how people manipulate the company’s customer care agents into giving out your account info. For instance, according to an article at Wall Street Journal and Wired.Com website, the attacker called the Amazon customer service helpline and asked for a password change request.
If the attacker knows your primary email account which you use for Amazon.Com, and the last 4 or first 4 digits of your card, he can simply request the company’s CSR agent for a password change, by saying that I am the real account owner and lost access to my Amazon.Com email. Therefore, I am providing you with a new email address, alongside the old one and credit card last 4 digits info, in order for you to proceed with the request.
It appears that Amazon account passwords are stored in a UNIX encryption format. The main job of this crypt is to convert all password characters into caps. So if you entered your password as “password”, the UNIX will change it to “PASSWORD”.
Now the older passwords at Amazon Dot Com were exclusive of case sensitivity. Even at the time of account creation, when you entered “PassWoRd” as your account password, the system simply just converted all characters into the capital alphabet format.