Amazon leaking emails
(old news - 12:36AM Tuesday Dec 23 2003)
tags: security · spam
As pointed out in our spam discussion forum (here), Amazon has a programming slip-up that lets any anonymous user view a registered user's email address just by entering www.amazon.com/seller/nickname, where "nickname" is a registered Amazon user's nick.

Try yours, for example. Or "Jeffbezos". To see the email, click on "view new seller profile page" and look carefully in the grey area at the bottom. This leak seems totally unrelated to any privacy settings you may have on your Amazon account.

Spammers with screen-scraping tools will take advantage of this within a heartbeat. Unhappy with a book review? Feel free to flame the reviewer directly. It is disappointing that Amazon has not heeded complaints from more than one customer about this breach. Too busy handling the Xmas rush, perhaps?

Cheddah

join:2001-12-31
San Rafael, CA

That's why I always use a junk email addy...

I use a junk email addy when I make online purchases so I don't care who has it...

fartness
Computersoc Dot Com
Premium
join:2003-03-25
Look Outside

Re: That's why I always use a junk email addy...

Wow! I can get their home addys too! Click on "Request e-mail address" and then go to "View My 'About Me' Page". Have there been any reports on people exploiting this with malicious intent? Good thing I don't have an account there...or do I??

EDIT: Yeah, I do...and the thing works. Good thing the thing I mentioned above doesn't always work. I only get my email. I typed in random user names and some showed their home addresses with names and everything else too...

--
»www.computersOC.com - User reviews of computer hardware - Computer forums - Adelphia forum - P2P politics - more...
B777300

join:2002-01-02

(nevermind)

That's rude

Logan 5
Silver and Black and blue in 2009
Premium,MVM
join:2001-05-25
The WasteLAN

Wh00ps.....

I don't personally use amazon but I feel BAD for the people who have or may be compromised by this....

Guess the Q/A people were on vacation when they programmed this?

MrTangent

join:2001-12-28
Earth

Re: Wh00ps.....

said by Logan 5:
I don't personally use amazon but I feel BAD for the people who have or may be compromised by this....

I'm not sure having your email account found qualifies as being "compromised". It's unfortunate, but it's not like passwords or credit cards were given out. Let's put this in to perspective here.

--
"War Is Peace. Freedom Is Slavery. Ignorance Is Strength."

Logan 5
Silver and Black and blue in 2009
Premium,MVM
join:2001-05-25
The WasteLAN
·Pacific Bell - SBC

Re: Wh00ps.....

said by MrTangent:
I'm not sure having your email account found qualifies as being "compromised". It's unfortunate, but it's not like passwords or credit cards were given out. Let's put this in to perspective here.

Email accounts can be and are spoofed all the time to make it look like your address is sending anything the spoofer wants. From viagra spam to male surgical 'enhancement', there's no telling what someone could unwillingly be a part of.

Plus let's also not forget that most sites send email confirmation of passwords, user account names & numbers and all manner of personal info when you register with them. All it takes is some embedded malicious code in an email sent to your address and just like that, you've installed a keylogger, or a trojan or something equally as bad.

It would hardly be trivial if the FBI knocked on your door one day with a warrant for your arrest for emailing kiddie porn that they had PROOF came from your account at your ISP....Be kind of tough to prove otherwise when they're holding the logs....

Yes, I think the article is in perfect perspective thank you. Those people had their privacy compromised and that's too bad for them.

MrTangent

join:2001-12-28
Earth

Re: Wh00ps.....

said by Logan 5:
Email accounts can be and are spoofed all the time to make it look like your address is sending anything the spoofer wants. From viagra spam to male surgical 'enhancement', there's no telling what someone could unwillingly be a part of.

Just because someone has your email account doesn't necessarily mean they're going to be able to spoof your address. If I were so inclined I could find most people's email addresses just by googling a few things about them.

said by Logan 5:
Plus let's also not forget that most sites send email confirmation of passwords, user account names & numbers and all manner of personal info when you register with them. All it takes is some embedded malicious code in an email sent to your address and just like that, you've installed a keylogger, or a trojan or something equally as bad.

First of all, anyone who opens an attachment from someone they don't know is asking for it. Secondly, I'd like to see how your "malicious code" could be embedded in an email. The only way someone could "install a keylogger, or a trojan" would be if the recipient doubleclicks on the attachment. And if you're using Unix, Linux or Mac OS X like I am, the chances of infection are much less than with Windows.

said by Logan 5:
It would hardly be trivial if the FBI knocked on your door one day with a warrant for your arrest for emailing kiddie porn that they had PROOF came from your account at your ISP....Be kind of tough to prove otherwise when they're holding the logs....

Now this is just nonsense. If you were arrested for supposedly emailing child pornography then they would do forensic tests on your hard drives. If no child pornography was found you would be released and an apology would be issued. Email spoofing isn't as perfect as you think it is. Sysadmins (and the FBI) have ways to show if an email is spoofed or not.

--
"War Is Peace. Freedom Is Slavery. Ignorance Is Strength."

devrandom
I got a pot, full of random stuff here
Premium
join:2003-06-28
Well as soon as this gets enough PR, it'll be fixed. For now I think Amazon would consider this bug a "feature".

MrTangent

join:2001-12-28
Earth

If you're able to view your opinion...

"Unhappy with a book review? feel free to flame the reviewer directly."
If you're able to exercise your freedom of speech then why is it so awful to imagine that the author would be able to do the same? If I wrote a scathing review of a book I wouldn't feel the need to cowardly hide behind anonymity. Hell, I'd encourage feedback in any shape or form.

However, I do agree that this slip-up should be fixed immediately, but again, let's put this in to perspective here. This article makes it seem like this simple and relatively innocuous flaw is responsible for the recent "Orange" threat level increase.

--
"War Is Peace. Freedom Is Slavery. Ignorance Is Strength."

justin
Australian
join:1999-05-28
Brooklyn, NY

Re: If you're able to view your opinion...

I wasn't talking about an author finding the email of a reviewer. I meant, customers can flame each other. Any community site goes to great pains to make sure that only people you wish to know your email, can see your email, and amazon is spewing all of them, to anyone.

statemachine
Premium
join:2001-01-21
Si Valley

said by MrTangent:
"Unhappy with a book review? feel free to flame the reviewer directly."
If you're able to exercise your freedom of speech then why is it so awful to imagine that the author would be able to do the same? If I wrote a scathing review of a book I wouldn't feel the need to cowardly hide behind anonymity. Hell, I'd encourage feedback in any shape or form.

You say that now, but wait until someone hacks your computer or a package-bomb shows up at your door, or you unexpectedly lost your job -- just because you had an opinion that was not inline with the majority.

said by MrTangent:
However, I do agree that this slip-up should be fixed immediately, but again, let's put this in to perspective here. This article makes it seem like this simple and relatively innocuous flaw is responsible for the recent "Orange" threat level increase.

Some people may feel more threatened due to the personal (and accurate) nature of the information leaked, rather than someone vaguely referring to "chatter" on a subjective "suspected terrorist" network about some possible event in some vague area of a very large country.

You call anonymity "cowardly" but others would call it "practical."

However, we do both agree that this flaw should be fixed immediately, although for different reasons.

MrTangent

join:2001-12-28
Earth

Re: If you're able to view your opinion...

Thanks to Justin and Statemachine for their excellent retorts.

I didn't mean to imply that anonymity was cowardly. I personally think that someone should be able to express their views anonymously. In my original reply I was only stating that I didn't think this flaw was hugely worrisome since no real damage would probably become of it (i.e. no financial loss due to credit card numbers being revealed).

However, I agree with the followups and hope that amazon.com fixes this flaw immediately.

And for the record, I am a big fan of anonymity; especially for critiquing the government or large corporations. In fact, the increasing reliance on cell phones (that are conveniently implanted with tracking technologies now) is troublesome. Why? Because oppositely, there are less and less payphones. This is worrisome because it is now becoming harder to be able to stay anonymous without fear of repercussion (i.e. if you wanted to call in a case of corruption anonymously with your cell phone you could be tracked). You could make a point that the payphone and the internet (especially weblogs) are our modern version of the Revolutionary War-era pamphleteering. Anonymous dissent is critical to freedom of expression.

I'm rambling though and I have a fever from the flu so I'll close for now.

--
"War Is Peace. Freedom Is Slavery. Ignorance Is Strength."

justin
Australian
join:1999-05-28
Brooklyn, NY

Re: If you're able to view your opinion...

it isn't nearly as critical a flaw if someone could figure a URL to reveal a credit card number

but privacy for one's email address is increasingly important, not everyone can bother to generate (or manage) infinite numbers of throw-away email addresses in order to stop spam.

Having one's email make its way onto a spam vendor cdrom "50 million emails for 39.95" downloads can kill an email completely. What if your amazon email (amazon being a SAFE company to do business with, one that would NEVER sell or leak emails) was your favorite email, the one you only give to friends and family? What a HASSLE to have to change it. Would amazon compensate for time spent changing it? I don't think so.

Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30

Found it. ;)

Wasn't on the "right page" sorry. That's pretty sad. I'm glad I don't "One Click"

shortman
Premium
join:2000-12-27
Garden Grove, CA

Changed nickname, but can nicknames be listed?

I just went into my amazon.com account settings and changed my nickname from the default provided by amazon.com to something unlikely to be guessed.

But I still don't know if my email address is safe since in the process of changing my nickname the site told me that my nickname is always publicly accessible. I searched around their site and I was unable to find a way to search for a particular nickname. I tried searching on my nicknames in general search boxes at amazon.com and they did not turn up any results.

I have always had a unique email address with amazon.com though, and so far I have never been spammed at that particular address. But with this flaw in their system I am seriously surprised that I haven't been spammed. My original nickname appeared to be a simple sequential one created by their site when I originally purchased from them. I expect I could gather a great deal of email addresses by simply incrementing and decrementing the numeric portion of that original default nickname.

Googled
Yay, I have FIOS

join:2001-08-13
Orchard Park, NY

Re: Changed nickname, but can nicknames be listed?

I don't see a page that lists nicknames, but it would be a trivial task to write a screen scraper to gather nicknames from the ZShops and auctions pages.
medfly

join:2003-05-15
Windsor, CO

uhhh, i don't think this works

i tried it on my amazon account, and the address that came back was some weird one that i've never had. I also tried Bezos as well, and it came back to some weird name @mindspring.com

Chief Sparky
52 Still On Patrol
Premium
join:2001-04-25
Thibodaux, LA

Re: uhhh, i dont think this works

said by medfly:
i tried it on my amazon account, and the address that came back was some weird one that i've never had. I also tried Bezos as well, and it came back to some weird name @mindspring.com

It works just fine. I just tested it from work with mine and several of my co-workers (they were all rather shocked to see their emails posted). So the problem with the site continues.
--
Life's too short to drive slow cars.

starstuff
Fly By Wire
Premium
join:2001-12-05
Mcallen, TX

No wonder why....

I was receiving spam from faked amazon.com addresses.

I use the "Exclusive - you will only receive e-mail from addresses appearing in your Contacts" option in my hotmail account. I use hotmail.com as my junk mail account. On Nov 18 I got a mail from:

START OF HEADERS
From : Conrad
Sent : 12:54 PM
To : yeqgs8Ej5d@amazon.com
Subject : Eliminate Debt Right Away

MIME-Version: 1.0
Received: from mc8-f8.hotmail.com ([65.54.253.144]) by mc8-s13.hotmail.com with Microsoft SMTPSVC(5.0.2195.6713); Tue, 18 Nov 2003 14:56:28 -0800
Received: from C6f1MaFZu5.amazon.com ([24.168.98.66]) by mc8-f8.hotmail.com with Microsoft SMTPSVC(5.0.2195.6713); Tue, 18 Nov 2003 14:55:44 -0800
X-Message-Info: Nw2+5eWlNspymOXfELWPkaYhSOauncStUpG3NwG3M38=
Return-Path: veLsbQFjRpLxHt@amazon.com
Message-ID:
X-OriginalArrivalTime: 18 Nov 2003 22:55:45.0246 (UTC) FILETIME=[1991F7E0:01C3AE27]
END OF HEADERS

I complained to amazon.com about the incident and to express my concerns about my security and privacy but I haven't received any confirmation or explanation from them.

I thought this was a lucky hit but after reading DSLR's article now I know it wasn't.

I will remove amazon.com from my safe list and I will not buy more merchandise from them until this security issue gets resolved.

darthur2000

join:2002-01-02
Middletown, CT

Didn't work for me?

I just tried mine and it didn't work for me so maybe they've got it fixed now.

shortman
Premium
join:2000-12-27
Garden Grove, CA

Re: Didn't work for me?

Are those of you who say it isn't working sure that you are using the correct "nickname"? For my account it wasn't something that I had chosen, but was something assigned by amazon.com. You have to go to your seller preferences to figure out what your assigned nickname is if you didn't choose it yourself.

Sarick
It's Only Logical
Premium
join:2003-06-03
USA

Yea I wrote in my user name and GRR

I tried it and it showed an e-mail for Sarick..

Sheesh

Morac

join:2001-08-30
Riverside, NJ

Call Amazon

I just tried this and it works (though I couldn't get the home address to display).

I suggest everyone change your email address and then call Amazon and complain.

Amazon.Com Customer Service: 800-201-7575

ki1o
Premium
join:2001-04-12
Atlanta, GA

Re: Call Amazon

said by Morac:
I just tried this and it works (though I couldn't get the home address to display).

I suggest everyone change your email address and then call Amazon and complain.

Amazon.Com Customer Service: 800-201-7575

I just called Amazon Customer Service and reported the problem. The lady said that she would forward the problem to the web support team. Hopefully they will fix it.

If more people would report the problem, maybe they will fix it quicker.
--
Boycott The RIAA

Harknell

@dowjones.com

still a problem

Well, as of 10:00 am eastern time it's still there. I just checked. (btw, you need to click on the sellers profile link to go to the actual page listing your email address, it's in the grey bar that surrounds the info area in the bottom middle).

I'm not too worried about it now, it's set to my spam email address, but I can see this being a problem for people who put their main email address in their account, since they want their purchase confirmations to go directly to them. If amazon wants to keep this feature they should simply change it to a link to a form email that never shows the email address and is sent from their site. Then you can contact the person, but no information is ever transmitted without the other person's approval (obviously if they reply they are providing an email for the person to see). Ebay does this already.

Harknell
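
The contact-form approach described in the post above, shown next to the behaviour the article reports, as an added Python example that is not part of the original thread and is not Amazon's code. The `Member` record, the sample members, the `/contact/` path, the relay address and the visibility policy (owner or completed-transaction counterparty, modelled on the customer-service reply quoted later in this thread) are all assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Member:
    nickname: str
    email: str
    completed_with: set = field(default_factory=set)  # nicknames with a finished transaction


# Constructed sample data (hypothetical members, reserved .test domain).
MEMBERS = {
    "bookfan42": Member("bookfan42", "private.addr@example.test"),
    "zshop_seller": Member("zshop_seller", "seller@example.test", {"buyer7"}),
}
OUTBOX = []  # stands in for the site's outbound mail queue


def profile_leaky(nickname):
    """Behaviour the article describes: anyone who knows a nickname gets the email."""
    m = MEMBERS[nickname]
    return {"nickname": m.nickname, "email": m.email}


def may_see_email(viewer, member):
    """Assumed policy: only the owner or a completed-transaction counterparty."""
    if viewer is None:  # anonymous request
        return False
    return viewer == member.nickname or viewer in member.completed_with


def profile_hardened(nickname, viewer=None):
    """Build the response from an allowlist of fields; email is added only after the check."""
    m = MEMBERS.get(nickname)
    if m is None:
        return None
    view = {"nickname": m.nickname, "contact": f"/contact/{m.nickname}"}
    if may_see_email(viewer, m):
        view["email"] = m.email
    return view


def relay_message(sender, nickname, subject, body):
    """Contact form: the site looks up the address and sends the mail itself."""
    m = MEMBERS.get(nickname)
    if sender is None or m is None:
        return {"queued": False}
    # Drop CR/LF so form input cannot add headers to the relayed mail.
    clean_subject = subject.replace("\r", " ").replace("\n", " ")[:120]
    OUTBOX.append({
        "to": m.email,  # stays on the server
        "from": "member-relay@shop.example.test",
        "subject": f"[via {sender}] {clean_subject}",
        "body": body,
    })
    return {"queued": True}  # nothing about the recipient is echoed back
```

The response is assembled field by field instead of serializing the whole member record, so a field added to the record later does not appear on the public page by default.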

Googled
Yay, I have FIOS

join:2001-08-13
Orchard Park, NY

Where is the nickname?

I don't think I have an Amazon nickname. I've never used their auctions or left a review of a product. Is there a page that shows what nickname you currently have?

Morac

join:2001-08-30
Riverside, NJ
·Comcast

Re: Where is the nickname?

Go to the "Your Account" page and click in the box on the right entitled "Auctions, zShops, and Marketplace" click the "Your Auctions and Zshops Account".

This will take you to another account setup page.
Right below the "Account Settings" there is a link entitled "View and edit your buyer and seller settings". Click that and your nickname will be listed on that page (you can change it there).

Googled
Yay, I have FIOS

join:2001-08-13
Orchard Park, NY
·VoicePulse

Re: Where is the nickname?

Awww crap. Visiting that "Your Auctions and Zshops Account" page automatically created a nickname for me. It used the first part of my email address. I had assumed earlier that's what it would be, but the nickname came up as invalid.

Lesson here is if you don't have a nickname then don't visit the Zshops account page. Stupid Amazon!

skj
Welcome to the far side of reality
Premium,Mod
join:2002-04-04
Atlanta, GA

Re: Where is the nickname?

said by Googled:
Awww crap. Visiting that "Your Auctions and Zshops Account" page automatically created a nickname for me. It used the first part of my email address. I had assumed earlier that's what it would be, but the nickname came up as invalid.

Lesson here is if you don't have a nickname then don't visit the Zshops account page. Stupid Amazon!

I did the same thing. I now changed mine to a random mixture of letters and numbers.

cyberthugin

join:2002-03-12
Kew Gardens, NY

Hey George

Which way did he go geoooogre, Which way did he goooo~

TheMadSwede
Premium
join:2001-01-30
Holland, MI

Spammers with screen-scraping tools will take...

Spammers with screen-scraping tools will take advantage of this within a heartbeat.
If they didn't before, they will now...:o
--
Hey - there's this thing called spell check...

thew00

@se-tel.com

Re: Spammers with screen-scraping tools will take...

On their privacy statement, they refer that your information is viewable by others, but they don't sell it. I doubt it's something amazon will change, but I sent them an email.

I've used amazon for a long time now and like it way too much to stop using it because of this when places like yahoo and hotmail give out your email addy to the highest bidder.

linicx
Caveat Emptor
Premium
join:2002-12-03
United State
·CenturyLink

So, what's new?

Amazon never addressed any of my complaints regarding security. These are the same people who sent my "site secure" private information back to me in an unencrypted email!!! If I wanted everyone in the universe to know who I am and where I live I would put it on a website and invite the robots to forage.

Caveat Emptor! Let the buyer beware.

I stopped shopping Amazon at the first breach of my privacy, which was about four years ago. If I cannot trust a company with my address, how can I trust them to protect my credit card???

I can't and neither can you.
--
Be careful what you ask for - you just might get it.

Kevin83165

join:2002-03-31
Herrin, IL

Wth?

How can any large company such as this let such a large blunder go loose.

They will probably not address the issue either until over 1000 people complain.

Morac

join:2001-08-30
Riverside, NJ
·Comcast

Amazon doesn't even read their emails

I wrote Amazon about the problem and got a form letter back describing how Amazon respects their users' privacy. Apparently they didn't read my email.

Here's a part of the mail I got back.

"Thank you for contacting Amazon.com with your concerns about our Privacy Notice. I hope that I can clear up any misunderstanding.

Contrary to some reports in the news media, Amazon.com is not in the business of selling customer information. We never have been...."

dvd536
as Mr. Pink as they come
Premium
join:2001-04-27
Phoenix, AZ

Re: Amazon doesn't even read their emails

of course they aren't selling info. they're giving it away.

viperpa33s
Why Me?
Premium
join:2002-12-20
Bradenton, FL
·Bright House

I also wrote a letter to Amazon, the email I received was worded differently but essentially the same. Sounds like a written letter to Amazon is in order. This problem may be an oversight on their part but they should take security matters very seriously when it is brought to their attention.

jeisenberg
New Year's Eve

join:2001-07-06
Windsor, ON
·Cogeco Cable
·Cogeco Voip

It may be fixed

I just tried to access a random nickname... I got the nickname to work (i.e. it showed a user page), but there was no access to an email address.

I noticed that the information had been "updated" as of 4:00AM today. I wonder whether that's the "current time" expressed in PST, or whether Amazon has addressed the issue.

bokamba
Chengdu Rocks
Premium
join:2002-04-05
Falls Church, VA
·Verizon Online DSL

Response from Amazon.com Customer Service

I complained to Amazon.com customer service yesterday, and received the following response:

"Thank you for writing back to us at Amazon.com.

I have reviewed our previous correspondence and your account.

I sympathize with your frustration in this matter. However, please understand that the information provided in our last message correctly represents our policy at this time.

As my colleague previously mentioned, we do not provide a way for anyone to get your e-mail address if you are not a seller through our Marketplace. We take privacy very seriously. I attempted to obtain your e-mail address in the way that you described and got the following message:

"Amazon.com member email addresses are only displayed on the member profiles of sellers and active auction bidders. If you have a relevant completed transaction with this Amazon.com member, you can locate their email address in Your Account."

What this means is that if you order through one of our Marketplace sellers, then you will be provided with their e-mail address only by accessing your account.

Thank you for your understanding. We hope to see you again at Amazon.com."
csinger

join:2003-05-15
Baltimore, MD

Yes, it seems to be fixed

I think Amazon has quietly fixed this problem. As of this morning, email addresses I could previously see using this tactic no longer appear in that little gray area of the screen.

Googled
Yay, I have FIOS

join:2001-08-13
Orchard Park, NY
·VoicePulse

Re: Response from Amazon.com Customer Service

At least they got one problem with their site fixed. There is still this problem though. Amazon's privacy policy lists feedback@amazon.com as the address to send all privacy concerns to. Yet if you send an email to that address it gets bounced back with a canned message reading the following:
Subject: Your Amazon.com Inquiry
From: "Amazon.com"
To: "Me"
Date: Tue, December 23, 2003 7:35 pm

Greetings from Amazon.com.

We're sorry. You've written to an address that cannot accept incoming
e-mail. But that's OK--this automated response will direct you to the
right place at Amazon.com to answer your question or help you contact
customer service if you need further assistance.

You will find the answers to the most common questions here:

Where's My Stuff: »www.amazon.com/help/wheres-my-stuff
Canceling or Changing Orders: »www.amazon.com/o/tg/browse/-/595034/
Problem with an Item: »www.amazon.com/o/tg/browse/-/557204/
Marketplace Order Problems: »www.amazon.com/o/tg/browse/-/537868/
Gift Certificates: »www.amazon.com/o/tg/browse/-/518226
Returns & Refunds: »www.amazon.com/returns

If you need to modify an unshipped order or make changes to your
account or subscriptions, you may do so online at any time via Your
Account: »www.amazon.com/your-account

If your question is not answered by the above links, we invite you to
search our Help Desk at »www.amazon.com/help

We hope our online resources meet all your needs. If you've explored
the above links but find you still need to get in touch with us,
please click the "Contact Customer Service" link on our main Help page.

Thanks for shopping at Amazon.com.

Sincerely,

Amazon.com Customer Service
»www.amazon.com
--
DirecWay DW3000 DRS, SatMex 5 970 gateway 42?, P3-533/256 MB, 2000 SP4 w/ICS, shared to 1 x XP, 1 x 2000, 1 x Debian Linux, 1 x Netgear 802.11b

bokamba
Chengdu Rocks
Premium
join:2002-04-05
Falls Church, VA

Re: Response from Amazon.com Customer Service

They need to update their privacy policy, obviously.

phidong

@pacbell.n

Re: Response from Amazon.com Customer Service

US Customer Service
Phone toll-free in the US and Canada: (800) 201-7575
Phone from outside the US and Canada: (206) 346-2992 or (206)-266-2992
Fax: (206) 266-2950
E-mail: orders@amazon.com (I think this will still work, but no guarantees)

cust.service03@amazon.com - the e-mail they email you when you call the number to get "Feedback" on their "great" customer service

Wireless Phones and Service Plans Helpline
Phone toll-free: (866) 232-9681

Canadian Customer Service
Phone 9 a.m. to 10 p.m. Eastern time, 6 a.m. to 7 p.m. Pacific: (877)-586-3230

Corporate Offices, Seattle
(206) 622-2335
New! Fax: 206-266-1832

UK Customer Service
Phone: +44.208.636.9200

Amazon.com Headquarters
Address: 1200 12th Ave., Ste. 1200
Seattle, WA 98144
Phone: (206) 266-1000
Fax: (206) 622-2405
Info e-mail: in@amazon.com is no longer a working e-mail address.
(Amazon's CEO is Jeff Bezos, if you want a name to put on an e-mail or fax to this office.)