I ask the question in the title because I just had an odd and rather disturbing, when you think of the privacy implications, thing happen.
Out of the blue I got a couple of order confirmations from Amazon Japan for some oddball items shipped to someone I'd never heard of. The emails weren't sent to the email account that I use with my own Amazon account, so at first I thought spam. Then I went to Amazon.co.jp and did an account reset with that email address.
Which worked. And gave me access to some random lady's mailing address, phone number, billing address, last four of her credit card, and the ability to one-click order random items for her without any further verification (I assume, based on the US Amazon, that if I were to try and ship something to a different address I'd need the CVC code off the card to confirm). Plus of course order history, which had already been emailed to me.
When I contacted support, they basically said "We'll contact her to fix it, but this happens sometimes with new accounts."
Since I didn't verify the email address (never even saw a "welcome to Amazon!" email), that would mean that they're allowing account creation and orders with completely unverified email addresses. So a simple typo could result in a random person getting a substantial amount of personal info about you, not to mention the ability to max out your credit card ordering Lord-knows-what (they stock hardcore porn, among other things) shipped to your door without warning.
I didn't have a lot of faith in Amazon's security or scruples to begin with, but are they THAT screwed up across the board? Or just in Japan?
Out of the blue I got a couple of order confirmations from Amazon Japan for some oddball items shipped to someone I'd never heard of. The emails weren't sent to the email account that I use with my own Amazon account, so at first I thought spam. Then I went to Amazon.co.jp and did an account reset with that email address.
Which worked. And gave me access to some random lady's mailing address, phone number, billing address, last four of her credit card, and the ability to one-click order random items for her without any further verification (I assume, based on the US Amazon, that if I were to try and ship something to a different address I'd need the CVC code off the card to confirm). Plus of course order history, which had already been emailed to me.
When I contacted support, they basically said "We'll contact her to fix it, but this happens sometimes with new accounts."
Since I didn't verify the email address (never even saw a "welcome to Amazon!" email), that would mean that they're allowing account creation and orders with completely unverified email addresses. So a simple typo could result in a random person getting a substantial amount of personal info about you, not to mention the ability to max out your credit card ordering Lord-knows-what (they stock hardcore porn, among other things) shipped to your door without warning.
I didn't have a lot of faith in Amazon's security or scruples to begin with, but are they THAT screwed up across the board? Or just in Japan?
