 
They won't comment to WIRED on the security issue, but they did quietly fix the vulnerability.
 
I agree. I'd be more hacked at Apple's policies and procedures here than Amazon.  They reset a password based on something you can get from a credit card receipt at a restaurant?  Wow.  
 
Those last four digits are pretty easy to come across - Amazon isn't the only one. I'd be more worried about Apple at this point.
 
Just glad that Amazon made the smart move and protected their customers!  Hopefully this will be a lesson for other companies that are out there!
 
Glad to hear they fixed this.  I didn't like hearing how easy it was to gain access to an Amazon account.
 
Amazon did the smart thing and learned from it rather than spending six months writing a business case on profitability. 
 
Glad they fixed this. The Apple iCloud one sounds even more serious, due to the link to many people's phones, tablets and computers that many are likely unaware of. I hope Apple fixes that ASAP. 
 
Glad to know Amazon fixed their side but waiting on Apple.....
 
+Vsevolod Glumov I know how popular it's become to just blame Apple, but Amazon does share in the blame here for their flawed procedures.  Read the article.
 
Damn, and to think, I was reading this and thinking to myself if they got away with it maybe I could too....
 
+Vsevolod Glumov Perhaps those 4 digits could have been exposed some other way.  But they weren't; they were exposed because of a major flaw in Amazon's procedures.  Yes, Apple is at fault here, but there's blame to go around.  It's not helpful or accurate to just say it was all Apple's fault, while ignoring the other factors involved in the hack.  Ok?
 
I think it's great that Amazon has taken action, but until Apple changes its procedures we're all still in the same spot...
How many other sites also display the last 4 digits? PayPal does for sure... I can only guess many others as well.
 
Password security is like a hook on a screen door.  Two-factor authentication - something you have + something you know (PIN) should be the minimum.