A couple years ago, I documented my experience with Amazon’s “customer service backdoor” which would continually give out my private information to anyone who knew my name.
The story apparently struck a nerve and was viewed almost a million times, and prompted an apologetic executive at Amazon to call and offer “special” security for my account and an explanation of what went wrong. To further secure the account, I updated the email address to a new unguessable special-purpose email address ( firstname.lastname@example.org ).
This approach held up admirably for a couple of years, despite me being a constant target due to some prior involvement I had in cryptocurrency. However a few months ago, it proved all to be for nothing with my account’s email address being changed and presumedly my AWS account fully compromised. Ironically my attempts at restoring access to my account have all been unsuccessful as the email address has been changed to something I have no access to despite me having the original email address and continually being billed.
It is my belief that what drives amazon to be such a successful customer-happiness driven company has made it pathologically incapable of keeping your account and data safe. While I will continue to shop there, I would strongly encourage anyone with valuable data to immediately switch to google. In my experience, google takes account security extremely seriously and has proven to be extremely resistant to social-engineering out of the box, and offers an invaluable “advanced protection program” to targeted individuals.
If this story makes it’s way to Amazon — I would really appreciate if you would please stop billing my credit card for the compromised account (the charge just issued of $122.16) as I have requested several times already.