Amazon account hacked, $130 purchases

Expired credit card used with new expiry date


South African
Yesterday morning when I opened Outlook I saw 8 emails from thanking me for purchasing 7 gift cards worth $10 each and one worth $50. The purchases were made around 20h00 on Friday, 12 November.

I mailed Amazon to enquire about this and it turns out that someone had hacked my account and had already redeemed $80 worth of cards. Amazon are obviously not taking the blame and have sent me the usual "we will never ask you to update your details via email..." stuff, including a short lesson on safe internet purchasing and the value of keeping your passwords protected. They immediately closed my account, which was the sensible thing to do.

Nothing weird about all this, as accounts get hacked sometimes.

What is weird is:

- The credit card used expired almost 2 years ago, but showed up on my Amazon account with a new 2011 expiry date.
- There is no money missing from my bank account, which is the same one that used to be linked to the credit card in question.
- Only $80 worth of purchases out of $130 went through before there seemed to be a problem with processing the payment for the rest.

Anybody else have this kind of thing happen to them?
Small Town Boy
You forgot to mention the bit where you contacted the credit card company immediately so that they could stop any further transactions and refund you the money. You did do that, didn't you?
South African
Yes, obviously the first thing, but my bank says there's nothing they can do as no money has left my account and according to them there is no way to access funds with that card number, as it doesn't exist on their system anymore.

That's why this situation is so weird. I haven't lost out - it seems Amazon has.
That's weird - that nothing has been taken from your account.

When my credit cards expire, the new ones have the same numbers with just different expiry dates. I think the 3 digit security number on the back of the card stays the same, too. Would be easy enough to guess a new expiry year if someone got my old card details. Never considered this before.

Looks like you have done what you need to do.

Good luck.
Small Town Boy
Well as long as things stay as they are then you have nothing to worry about; if Amazon choose to complete a transaction without actually getting authorisation from the credit card company then they are indeed the ones who lose out. It is strange that they would do this on an item that doesn't need to be delivered to the invoice address.
Do you have a prepaid credit card? If not, then the bank is BS'ing you. The money leaves your account at the end of the month, and you have the right to reject any payments you want to, unless there was a payment or cash withdrawal made with a PIN number.

PS: the "hack" happened because many banks do the following thing: you have the credit card number 12345678910 valid until 10.2010. When it expires, they reissue the same credit card valid until 10.2015.

If the shopper was clever, he could have tried to change the credit card details in Amazon, thus getting him full info to your credit card info. To be honest, I'd block the card for now.
I'm pretty sure the 3 digit security number on the back of your credit card is different though each time your credit card gets renewed. So the hacker couldn't have guessed that number or else Amazon doesn't ask for it - which would be weird...
Amazon, like PayPal, only ask for it the first time you purchase something if you store the CC data (at least that's how I remember it).

However, the card security code allocation algorithms (CVC2 and CVV2) were hacked more than 10 years ago. Not easy to find, but there are even some programs that generate the code after inputting the card number and validity...
I'm pretty sure the 3 digit security number on the back of your credit card is different though each time your credit card gets renewed.
I will check with the next issue. Just seems very familiar each time but I never thought to check it.

With Amazon, one can do the quick check out without re-entering the card info. Even then, someone would have to know the Amazon password to log into the account. Think I'll be changing mine soon.
Regardless of what's up with the credit card, these gift cards have serial numbers associated with them and their ultimate use could easily be tracked to a shipping address.
Huh. Just noticed something very strange on Amazon. Logged into my account to see what payment methods I have listed, and one is linked to my UK address and next to the expiry date it states: does not expire. I recognise the end numbers as my old UK debit card...and I haven't had an account in the UK since moving here...

Anyway, I've just managed to edit my card details without having to enter those three numbers on the back. Seems like for "one-click" shopping, you don't need the 3 numbers at all...
South African
The card is a debit card and any payments are debited the moment a purchase is made. No payments are delayed and if there aren't any funds a payment doesn't go through.

Both the credit card number, as well as the security number on the back changed when I got my new card, ironically for security reasons. At the time that my card expired I couldn't be in SA to personally collect my renewed card so they decided to issue a new one, which my mother picked up via proxy letter that I had to post to them. They then posted the PIN to my address in Germany and my mom gave me the card when she visited a few months later.

I think my only option is to close all online accounts I use for purchases here in Germany and the UK, create new email addresses and new accounts.
South African
Regardless of what's up with the credit card, these gift cards have serial numbers associated with them and their ultimate use could easily be tracked to a shipping address.
True, I will ask Amazon about this.
Wow, I am surprised. I never had an issue with Amazon, but they are generally very good when it comes to rectifying any problems of a buyer. I have been screwed as a seller, but in the end even that was resolved.

I think I will be changing all my passwords and doing that random number and letter combos like hubby always tells me to do. I just hate not being able to remember my logins.
South African
I have also never had issues with Amazon. Quite the contrary, I've only had excellent service from them in the past, which included getting screwed by one of their merchants and receiving a full refund.

Having now got a good kick up the arse kind of wake-up call I will be way more careful (as if it wasn't obvious enough all along) and use an SSL random password generator, ensure that every account has a different username/password combo and keep it in a little black book away from any prying online eyes.

In case anyone's interested: