Recommend
25 
 Thumb up
 Hide
11 Posts

BoardGameGeek» Forums » Gaming Related » Discussing Retailers

Subject: Secure Your Amazon Account!! rss

Your Tags: Add tags
Popular Tags: [View All]
Lawrence
United States
Tustin
California
flag msg tools
badge
Avatar
mbmbmbmbmb
Yesterday, I logged into Amazon to check on an order to realize that there were about $5,000 worth of orders on my account that I did not authorize. A refund request had also been issued with customer support for an order that I received weeks ago. The refund had been processed as "gift card" credit. I then noticed that someone was trying to reset my amazon and email passwords (I used the same password in amazon and my email). Luckily, I had two step verification on my email. The hackers couldn't access my email account even though they had the password. As a result, they couldn't lock me out of my Amazon account either.

Luckily, I caught all of this within minutes of the hacking and promptly changed my password and secured Amazon with two-step verification.

I only use that specific email and password login for Amazon and my email. Since my email had two-step verification, I assume that my Amazon was somehow hacked. I highly recommend that anyone with an Amazon account take the time to secure your account with two-step verification. Having it on my email saved me $5,000 in disputed charges and hours of headache.

Two-step verification requires that you enter a one-time code that is sent by either text or email whenever a new device logs into your account. I'm especially paranoid now, so I have it setup to ask for a code every time anyone logs in.

You can enable it by going to My Account > Settings > Login & Security Settings > Advanced Security Settings > Two Step Verification





17 
 Thumb up
5.00
 tip
 Hide
  • [+] Dice rolls
Alex Singh
United States
Moreno Valley
CA
flag msg tools
badge
Avatar
mbmbmbmbmb
This doesn't apply to just Amazon. Protect all your accounts. Use strong unique passwords for your online accounts. A password manager makes it much easier to handle. And take advantage of 2 factor authentication when available.

Every account you make with poor passwords is another point of weakness that could lead to bigger problems down the line. It's a hassle to change your passwords, but once it's done you will be more secure.
3 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
Hugh G. Rection
United States
La Mesa
California
flag msg tools
badge
Avatar
mbmbmbmbmb
mavericklancer wrote:
I used the same password in amazon and my email


Yeah....never do that.
11 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
G Wintner
United States
Los Angeles
California
flag msg tools
Avatar
mbmbmbmbmb
Thanks for all this, OP. Taught me some things.
 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
Joe Salamone
United States
Billerica
Massachusetts
flag msg tools
badge
Aggravating people worldwide since 1964
Avatar
mbmbmbmbmb
I got an e-mail from Amazon a few weeks ago that said they saw a list of passwords online (they didn't elaborate) and mine was one of them. They deactivated my old password and I had to reset it.
2 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
Reed Dawley
United States
Delmar
New York
flag msg tools
Playing more games is better!
badge
Collecting games is not playing games!
Avatar
mbmbmbmbmb
This compares your email or logins to a list of places that have had security breaches. Not a bad resource to check.

Wiki Page
https://en.wikipedia.org/wiki/Have_I_Been_Pwned%3F

Actual site
https://haveibeenpwned.com/
8 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
A H
msg tools
Same thing happened to me!

I went to check on my PS4 Pro pre-order and noticed the shipping address was changed. I immediately changed my password and enabled 2-step authentication.

Oh no — pwned!
Pwned on 1 breached site and found no pastes (subscribe to search sensitive breaches)

MySpace: In approximately 2008, MySpace suffered a data breach that exposed almost 360 million accounts. In May 2016 the data was offered up for sale on the "Real Deal" dark market website and included email addresses, usernames and SHA1 hashes of the first 10 characters of the password converted to lowercase and stored without a salt. The exact breach date is unknown, but analysis of the data suggests it was 8 years before being made public.

Compromised data: Email addresses, Passwords, Usernames
 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
reaching out from the in-between spaces...
United States
Baldwin
New York
flag msg tools
badge
Avatar
mbmbmbmbmb
Thanks! I seem to be fine, buy I am a big believer in two-step authentication and activated it. Wish Paypal had it too.
 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
Will Morgan
United States
Hendersonville
Tennessee
flag msg tools
badge
Avatar
mbmbmbmbmb
Jorune wrote:
Thanks! I seem to be fine, buy I am a big believer in two-step authentication and activated it. Wish Paypal had it too.



Wait ... Paypal does have it I believe. I know I get a text with a number whenever I log in.
 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
reaching out from the in-between spaces...
United States
Baldwin
New York
flag msg tools
badge
Avatar
mbmbmbmbmb
Masterhit wrote:
Jorune wrote:
Thanks! I seem to be fine, buy I am a big believer in two-step authentication and activated it. Wish Paypal had it too.



Wait ... Paypal does have it I believe. I know I get a text with a number whenever I log in.


I looked all over in Paypal settings and couldn't find it. Where is it?
 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
Ted Marshall
United States
San Jose
California
flag msg tools
Avatar
mbmbmbmbmb
Jorune wrote:
Masterhit wrote:
Jorune wrote:
Thanks! I seem to be fine, buy I am a big believer in two-step authentication and activated it. Wish Paypal had it too.



Wait ... Paypal does have it I believe. I know I get a text with a number whenever I log in.


I looked all over in Paypal settings and couldn't find it. Where is it?

Go to Settings, then Security then "Security Key".
1 
 Thumb up
1.00
 tip
 Hide
  • [+] Dice rolls
Front Page | Welcome | Contact | Privacy Policy | Terms of Service | Advertise | Support BGG | Feeds RSS
Geekdo, BoardGameGeek, the Geekdo logo, and the BoardGameGeek logo are trademarks of BoardGameGeek, LLC.