Join 3,512 readers in helping fund MetaFilter (Hide)


Who hacked my amazon acount?
May 31, 2010 6:36 PM   Subscribe

My amazon account got hacked. (besides the password) What should I change?

I also know the person who hacked it has the email: vika_bbb@hotmail.com. Anyone know this guy?
posted by TheJehosephat to Computers & Internet (15 answers total) 1 user marked this as a favorite
 
What do you mean by "it got hacked"? If the person who hacked it didn't change the password, maybe you should log in and change the password immediately.

Are you wondering if you should cancel your credit card?
posted by amtho at 6:39 PM on May 31, 2010


A little googling returned me with this, other than that I know nothing about the guy.

Change your password if you can, best thing to do is go and check on Amazon what you can see from your account, I think they block most numbers with XXXXs. If he hasn't bought anything on there then you might be fine, just change passwords and e-mails.
posted by Rax at 6:42 PM on May 31, 2010


Well the account password AND email were changed. I was notified by email as if I had changed it.

I called up and had the username/email and password changed, but I'm wondering if there are any other things I could do to protect it.
posted by TheJehosephat at 6:43 PM on May 31, 2010


Have you used your old amazon password as your password for any other web site? If so, you should change your password at these other sites as well. This is particularly important for sites where the site is prominent and you've used the same account name / e-mail address as the one you had at amazon.
posted by RichardP at 6:45 PM on May 31, 2010 [1 favorite]


I'm pretty sure there's no way for a third-party to actually find out your credit-card information from the amazon website. In fact, if they tried to purchase items and send them to an address that's not in your Amazon address book, Amazon forces them to re-enter the payment information, so you should be safe in that regard, but you might want to contact your bank and make sure there's no unusual activity.

Your hacker did get access to the mailing addresses of everyone in your address book, so you might want to contact all of those people and warn them to be on the lookout for communication purported to be from you, but isn't.

Look at your recent orders and be sure that nothing was ordered that you didn't order. If so, contact Amazon.

Check to make sure the hacker didn't leave any bogus reviews in your name. If so, you should delete them.
posted by crunchland at 6:48 PM on May 31, 2010


Amazon accounts only store information related to letting you make Amazon transactions, as far as I know. So just go through your Amazon profile and find out what you, as the account holder, can see in there; that's what your hacker will have been able to see. If Amazon allows you to see your whole credit card number (I don't believe they do, but could be wrong) you will want to cancel it and get a new one.

The most common way Amazon, Hotmail and similar accounts get hacked is by being hammered on by dictionary-lookup password cracking bots. The ones that end up compromised are generally those whose owners insist on using dictionary words or pieces of a couple of dictionary words or dictionary words with obvious substitutions like 5 for S as passwords. Since there are only about 100,000 words in general use, a dictionary-word-based password is only about as strong as a 3-letter random password.

Use a decently strong password and you're unlikely to get hacked again.

Also: that Hotmail address was probably stolen from somebody else, and knowing who that is won't help you much.
posted by flabdablet at 6:49 PM on May 31, 2010


Here's another great secure password generating tool.
posted by crunchland at 6:52 PM on May 31, 2010


Thanks all! This is very helpful.
posted by TheJehosephat at 7:02 PM on May 31, 2010


Rax: "A little googling returned me with this, other than that I know nothing about the guy."

Here's that webpage Google-translated, by the way. There also appears to be a Russian/Ukranian? girl by the name of Victoria ("Vika" for short) who uses that same username @mail.ru, if you google for it. Don't know if there's a connection, but her full name is easy to find if you want to pursue that path.
posted by Gordafarin at 7:32 PM on May 31, 2010


If it were me, I'd call my credit card company, tell them the card was compromised, and have them send a new one with a new number. Even though Amazon Xs-out all but the last 4 numbers, identity/credit theft is nothing to mess with. Better safe than sorry.
posted by cecic at 8:01 PM on May 31, 2010


cecic: except changing your credit card numbers is a huge PITA. There's no evidence any card numbers were compromised and, as others have pointed out, Amazon doesn't cough numbers back out -- you even have to re-enter just to ship to a new address, so I sincerely doubt there's some secret way they got the poster's numbers. Amazon may "X them out" but they don't actually return to you in the browser the full number anywhere -- once you enter your credit card number into Amazon's site, it never comes back to your browser, ever, not even hidden.
posted by R343L at 8:55 PM on May 31, 2010


Well, just because Amazon has X'd out many of the digits, the digits they've obscured are the ones that are the easiest to guess. The first 6 numbers of your credit card number have less to do with identifying you and more to do with identifying the bank or lending institution that provides the card.
posted by crunchland at 9:08 PM on May 31, 2010


Ever since my Gmail account got compromised I have switched to using randomly generated passwords for everything and keeping them stored in KeePass. Luckily this person only got into your Amazon account, but if they had gotten into your email (which hopefully it uses a different password) say hello to a having a really bad week. They would be able to see bacn emails for all the services you use and by doing Forgot Password on each of those they'd have access to most of your online presence.

Best advice I can give is try to limit the spread of damage going forward:
1. Use a different password for everything.
2. Put a random code in any forgot password question/answer fields. These are pretty useless with how social everyone is online these days. You can store this code in KeePass, too.
3. The password to your email account is just as important as your bank accounts. Treat it as such.
4. Just because your password may be strong doesn't mean the site you enter it into isn't storing it in clear text. If their database gets stolen the first thing the hacker would check is if that same password will get them into your email account.
posted by iamgoat at 10:02 PM on May 31, 2010


Change your security question if there is one. I forget how Amazon's forgotten password operates, but a hacker may use this info as a back door into an account without changing your password.
posted by nthdegx at 4:37 AM on June 1, 2010


Probably reasonable to assume that just like your Amazon account, that mail.ru account was hacked too.
posted by mendel at 3:52 PM on June 1, 2010


« Older The first alleycat was held in...   |  This summer, I am making signi... Newer »
This thread is closed to new comments.