# Amazon accounts hacked.....



## Rhys (Dec 21, 2014)

Just to make folks aware, it might be an idea to update your details and change passwords etc..

I've just had my account hacked and my email address changed to a Russian one ( [email protected] ) luckily the dumb idiots hadn't changed my password - although I didn't notice until after I'd rung my bank and Amazon..

When I spoke to the nice lady at the bank's fraud department, she said the same had happened to her last week.

Anyway, I've changed it back, updated and added extra security, given Amazon a polite bollocking for not being able to cancel the changes (many places send an email confirmation of the change, like they did, but also give you the option to cancel the change through the email for up to 24 hours. With the addition of 'if this was you, no further action is needed'). Amazon are looking into this now.. Also I've removed all my card details.. My account is blocked anyway until they contact me, but at least I know it's back in my name.


----------



## knightsfield (Sep 22, 2014)

If you haven't already it's worth turning on 2 step authentication.


----------



## Rhys (Dec 21, 2014)

knightsfield said:


> If you haven't already it's worth turning on 2 step authentication.


Oh, don't worry - that was the second thing I did (after changing my email address back..)

Not that it would matter as I've removed my card details off the site and stopped 1 click buying (not that I've used that recently).


----------



## Flibster (Aug 15, 2010)

As above, turn on 2fa on anything you can. Slightly annoying at times, but works really well.


----------



## Glenn (Jun 14, 2008)

2FA is a PITA but very relevant in today's world


----------



## Dylan (Dec 5, 2011)

Amazon account 'hacks' usually come from another compromised service where you use the same username and password combo.

You can check if your data has ever been part of a leak and if you should change it...

Here for email: https://haveibeenpwned.com

Here for password: https://haveibeenpwned.com/Passwords

The site is run by a respected security researcher, and won't store your details when you enter them. But if you're worried about using it then you can manually search the password list by downloading.


----------
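The offline check mentioned in the post above can be done without sending the password anywhere. This is an added example, not part of the original thread; it assumes the downloaded Pwned Passwords list is a text file of `SHA1:COUNT` lines ordered by hash, and the function names and sample data are constructed for illustration.

```python
import hashlib
import io

def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the UTF-8 password (assumed list format)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def pwned_count(password: str, hash_list) -> int:
    """Return how often the password appears in the list, 0 if absent.

    hash_list is any iterable of 'HASH:COUNT' lines sorted by hash, so the
    scan stops as soon as it passes the place the hash would occupy.
    The password itself never leaves this process.
    """
    target = sha1_hex(password)
    for raw in hash_list:
        line = raw.strip()
        if not line:
            continue
        digest, _, count = line.partition(":")
        digest = digest.upper()
        if digest == target:
            return int(count)
        if digest > target:  # sorted list: we are past where it would be
            break
    return 0

def build_sample_list(entries: dict) -> str:
    """Constructed stand-in for the downloaded file (counts are made up)."""
    lines = sorted(f"{sha1_hex(pw)}:{n}" for pw, n in entries.items())
    return "\n".join(lines) + "\n"

# Constructed sample data, not real breach counts.
SAMPLE = build_sample_list({"password": 1000, "123456": 2000, "qwerty": 300})

if __name__ == "__main__":
    # With the real download, pass open("path/to/list.txt") instead.
    for candidate in ("password", "constructed-unlisted-passphrase"):
        hits = pwned_count(candidate, io.StringIO(SAMPLE))
        print(candidate, "listed" if hits else "not in sample list", hits)
```

A password that returns a non-zero count should be changed everywhere it is used; a zero only means it is not in this particular list.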



## MildredM (Feb 13, 2017)

Good link, thanks. It seems my email has been compromised 4 times in 4 years.


----------



## Mmiah (Feb 13, 2015)

Thanks for the heads up, my accounts seem to be ok


----------



## DaveP (Jul 14, 2017)

My main account seems to have been 'compromised' quite a lot... which would explain the large amount of spam, the good news is that my secondary accounts are ok.

So time to change the email address for the important sites (like this one, lol)


----------



## mattyb240 (Apr 2, 2013)

If you aren't already, consider using a password manager to generate long secure unique passwords. I use 1Password and would highly recommend it. Others use services like LastPass etc as well.


----------



## Dylan (Dec 5, 2011)

Worth being aware that password manager systems are not immune either - Both OneLogin and LastPass have had security problems in the past - although I think LastPass was a problem fixed before it was exploited (at least according to public knowledge)

I personally prefer secure passwords written down at home to storing them all with one company. So long as you put them in a relatively secure place and you aren't a high profile/value target to a physical attack on your home then this is a very secure way to do it. Long passwords with numbers/symbols are best - sites that limit what you can use in a password (be it character type or length) do more harm than good.


----------



## Hairy_Hogg (Jul 23, 2015)

I am pretty sure I read that the best passwords are sentences you can remember and these are as hard to crack as long random sequences but you do not need to write them down to remember them.

For example D0gR1de5H0r5e (DogRidesHorse) is as hard to crack as xR6*lk34%6lLi£$

I use this approach but I also use LastPass


----------



## Dylan (Dec 5, 2011)

Hairy_Hogg said:


> I am pretty sure I read that the best passwords are sentences you can remember and these are as hard to crack as long random sequences but you do not need to write them down to remember them.
> 
> For example D0gR1de5H0r5e (DogRidesHorse) is as hard to crack as xR6*lk34%6lLi£$
> 
> I use this approach but I also use LastPass


You are correct, and actually something like cathellotruckfrancebathgrasssky is as hard to crack as something with a mixture of symbols. Unfortunately a lot of sites limit the maximum character limit of a password so these kinds of common sense relatively easy to remember word combos are a no go.

If you ever buy bitcoin the password to your wallet will be a collection of words, and they recommend you make a 'memory palace' to remember them. Sooo... The *Cat* said *hello* from the back of the *truck* whilst travelling through *France* on his way to have a *bath* and then lie on the *grass* looking at the *sky*.... if you visualise this combo of events it's easy to remember this very secure password.

There are basically two ways (without physical access to you or where you might have written it down) to crack a password.

Brute force: This just uses a dictionary list of millions of passwords - if yours is on the list (either common passwords or stolen ones) you can be cracked given enough time (typically a few hours to a few days)

Cracking the system that holds them: If the company that holds your password is cracked because of a weakness in their system or the OS or software they use, and your password is stored in plaintext (becoming less common, but used to be very common. Plaintext means not 'hashed' - turned into a jumble of letters/symbols which requires its own password to show) it can be stolen. If your password isn't simple this is probably how it got stolen.

As an extra FYI: An AES256bit hashing algorithm would take the fastest supercomputer in the world (currently 93 petaflops) 27,337,893 trillion trillion trillion trillion years to crack via the 'brute force' method. Quantum computing will bring both a way of reducing this to within the realms of possibility - but will also bring with it truly unbreakable encryption (if you are a government or multibillion dollar company)


----------



## destiny (Jun 4, 2015)

Highly recommend KeePass for storing passwords, even seen it used in large international corporations. Really good security and it's easier to remember one password to it than hundreds of different ones.


----------



## MediumRoastSteam (Jul 7, 2015)

I use Apple's Keychain + iCloud as all my devices are Apple. It works really well and seamlessly. Moreover, if they hack Apple, it's likely it will never make headlines ....


----------



## Guest (Apr 15, 2020)

Just had the same done to me, had a parcel delivered to my door and my password changed, the email's [email protected] too bad I don't speak Russian smh


----------

