It is pointed out that Amazon's service publishes personal information such as ``name, date of birth, parent's maiden name'' by default and can be easily exploited by criminals



Big tech companies have a lot of personal information about their users, and it's easy to imagine how dangerous that information would be if it fell into the hands of criminals. However, ``Personal information such as name, date of birth, and parent's maiden name registered in Amazon's service is open to the public, making it easy for criminals to obtain this information.'' News The site The Intercept reports.

Amazon's One-Stop Shop for Identity Thieves

https://theintercept.com/2022/08/07/amazon-registry-identity-theft/

What The Intercept sees as a problem is a service called `` Amazon Registry '' that allows you to register various `` celebration items '' in advance and share them with people according to milestones such as marriage, childbirth, and birthdays. . In countries such as the United States, there is a custom of ``purchasing and sending gifts that the parties have registered in the list'' for celebrations such as marriage and childbirth, and the Amazon registry is a convenient service for such occasions.

Amazon.co.jp in Japan has also introduced it in the form of ' Baby Registry (Rakuraku Baby) ', and by sharing a wish list with family and friends, it is possible to receive gifts that match the budget of the other party. is.



Amazon registries can be shared with friends and family, and are searchable on Amazon's website by default. You can also search from a variety of third-party websites, including wedding planning website The Knot and parenting website The Bump.

For example, if you enter part of your name, select the registry type and click 'Search'...



The registered registries are listed in reverse chronological order. Normally, only registries with scheduled dates such as weddings and birth dates after 2020 will be hit, but it is also possible to bypass date restrictions and find registries with older dates.



Using browser developer tools, The Intercept reports that they were able to trace wedding registries as far back as 2004 and birth registries as far back as 2006. In other words, from the 2006 birth registry, it is possible to know the name and date of birth of a 16-year-old child at the time of writing the article, and if you can find out the parent's wedding registry, the parent's maiden name etc. So you can know. There are also concerns that children registered in birth registries will have even more serious consequences when they reach adulthood.



Information such as date of birth and parent's maiden name are often used as 'secret information' when recovering passwords for online banking accounts, email providers, and other web services. However, this information is neither secret nor anything, and in some cases it can be easily obtained by searching on Amazon. In fact, there have been reports of cases in which the information used for these authentications has fallen into the hands of criminals and has been misused .

In addition, The Intercept pointed out that the personal information of 'unborn babies' is available in the Amazon registry and can be used to impersonate criminals.

To prevent abuse of the Amazon registry, The Intercept recommends switching the default 'public' privacy setting to 'share only' or 'private'. Also, it is said that it is better to delete the registry itself when the event is over, but there is a flaw in the page explaining how to delete the birth registry, and there are parts that do not know what to do. “Perhaps the best solution is to not use flawed and privacy-encroaching services,” he said.

in Web Service,   Security, Posted by log1h_ik