Did my amazon account get hacked?
March 24, 2013 8:12 PM   Subscribe

I recently went onto amazon and found multiple items in my cart that I had not placed there. Could my account have been hacked, or is it just some weird glitch?

I've already changed the password as a precaution, but this doesn't seem like a clear-cut hack - I have no idea how someone could get into the account (I don't click e-mail links, login on publically accessible computers, use the same password on different sites, used an easy password, etc.), and my "search history" only shows items I've browsed for. How could these items show up in my cart without being browsed for?

In the meantime, I'm a little freaked. Should I be taking further steps? Is there anyway to find out (if I was hacked) HOW they got my info?

Thanks for any help you guys can provide.
posted by Sakura3210 to Computers & Internet (22 answers total) 2 users marked this as a favorite
 
ACK! I would be freaked too. I'd contact Amazon pronto to let them know.
posted by bearwife at 8:25 PM on March 24, 2013 [1 favorite]


They could likely log ip addresses at Amazon that keeps track of accesses from accounts.
posted by oceanjesse at 8:49 PM on March 24, 2013


Have you logged in on any computers that are shared access? Maybe at a relatives house? It's possible that your details were never cleared and they went on the computer later to shop without realizing that it was your account.
posted by codacorolla at 8:54 PM on March 24, 2013 [2 favorites]


Response by poster: I've contacted Amazon, and they said they couldn't help me figure out who got in and how. They also seemed to think the hackers(?) hadn't found out my password as no orders were made - again, this all just seems really weird.

I haven't logged onto Amazon on any computer that I do not personally own... Could maybe my computer have been hacked (I let family surf the web, they could've visited a sketchy site)? Although it's a Mac, and I've never heard of one being hacked...
posted by Sakura3210 at 9:03 PM on March 24, 2013


Most likely answer is that one of your family members was surfing Amazon on your computer, and added them to your cart, possibly thinking they were logged into their account.
posted by barnone at 9:11 PM on March 24, 2013 [6 favorites]


Things like this can happen if you're accessing the net through a caching server.
posted by Chocolate Pickle at 9:12 PM on March 24, 2013 [1 favorite]


Response by poster: The only family member around this week definitely did not surf Amazon (she was only surfing sites in her native language, which is not English - leading to my concern of "sketchy sites").

Chocolate Pickle, could you tell me more? How would a caching server cause this to happen, and how can I know if I'm accessing the net through one?
posted by Sakura3210 at 9:32 PM on March 24, 2013


Amazon in particular, in my experience, does not need to be actively sign-into to update the cart. So if order something at work and never out my password in again, I won't be able to order again without putting in my password, but anything added to my cart will update immediately if I visit amazon.com from any other location.

That fit anything you my have done?
posted by mhz at 9:42 PM on March 24, 2013


See this.
posted by Chocolate Pickle at 9:46 PM on March 24, 2013


Response by poster: The issue is that the items in the cart were things neither I nor my family would look for; nothing bad, we simply have no need or interest in them (e.g. Cat toys when we have no pets), and we definitely would not have put them in the cart. The items have to have come from some external party, be it machine (glitch) or human (hacker).
posted by Sakura3210 at 9:52 PM on March 24, 2013


Response by poster: Chocolate Pickle, based on the link, I don't think that's the case here. The cart had some items I had previously placed in it as well as the items I did not. If I was picking up someone else's cart, that shouldn't have occurred, right?
posted by Sakura3210 at 9:57 PM on March 24, 2013


You forgot to log out somewhere and someone added something to your basket.

Don't worry - they need your password to buy something. I would change your password anyway.
posted by devnull at 1:24 AM on March 25, 2013


You can add stuff to your basket in Amazon without being logged in, if you then log in the items are transfered to your account's basket. So are you sure you were actually logged in when you first noticed the items?

Change your password anyway.
posted by epo at 4:46 AM on March 25, 2013 [1 favorite]


This happens to me all the time, usually after I use Amazon on one of the public computers at work. There will be work-related (or coworker-related) stuff in my cart. It can happen days or maybe even weeks after I last use Amazon on the public computer.

Have you/did you ever use Amazon from a public computer, even just to look at your wish list or something?
posted by mskyle at 6:12 AM on March 25, 2013


Response by poster: I have not used Amazon on a public computer, for any reason. As I have never logged in on a public computer, I could not have forgotten to log out and had someone "accidentally" add things to my cart. The things in my cart were not put there by me. No one could have signed in as me as I am the only person who knows my password.
posted by Sakura3210 at 7:13 AM on March 25, 2013


Do you perchance have the chrome plugin that allows you to add items to your wish list? Maybe that went a bit haywire.
posted by tigerjade at 7:28 AM on March 25, 2013


Response by poster: Nope, I don't use chrome. And I've never used a plugin for adding wish list items on any browser/computer.
posted by Sakura3210 at 7:45 AM on March 25, 2013


I think this could be a combination of an upstream caching server and local cookies (which added your items to the mix.) It's in Amazon's best interest that you don't lose your cart items as that could also equal a lost sale. I think this might be a case where those two sources were combined (you can replicate this by adding things to an anonymous cart without using cookies, then by logging into to your account to see how it combines).

I wouldn't suspect hackers, I would suspect an anomaly on how cart items are assigned to client IPs. To test this theory..try clearing your cookies after logging out of Amazon and check to see if you still have cart items while logged out.
posted by samsara at 9:05 AM on March 25, 2013 [1 favorite]


Amazon has "add to cart" ads now, where one click adds the featured item to shopping cart. Is it possible you clicked on one of those ads?
posted by OrderOctopoda at 10:10 AM on March 25, 2013


What can be done with a click can be done without one by an unscrupulous web site owner. I wonder if someone has borrowed that code to try to sell their own product?
posted by Chocolate Pickle at 11:43 AM on March 25, 2013


Response by poster: There were too many similar items to have been added by one click. Samsara, your idea seems like it could explain everything, plus I like the idea of this just being a glitch. I wonder if this has happened to other people?
posted by Sakura3210 at 3:53 PM on March 25, 2013


Response by poster: It happened again! I checked my cart, and it was filled with exact same items as the last time. This is after I changed my password.

I called Amazon, and the rep I spoke with agreed it was weird. She said she'd submit the issue to IT, and they'd call me back if they figure out what is going on. So, I'm not going to mark this issue as resolved for a little while longer (since if I do get an answer, I can make note and be helpful to others).
posted by Sakura3210 at 3:50 PM on April 15, 2013


« Older Need ADHD medication but no doctor or insurance in...   |   Putting baby on a routine Newer »
This thread is closed to new comments.