Experts warn that Amazon’s gift registries are a treasure trove of personally identifiable information, and because of some glaring security flaws, keys aren’t needed.
Findings from Interception discovered that anyone can use these registries to find out all kinds of sensitive information about people around the world who are alive – and even those who are yet to come into this world.
Interception says that the data Amazon collects through its registries of weddings, birthdays, new babies and more is available to anyone who knows where to look for it, given that the default visibility settings are pre-set for everyone.
Identity theft
For example, to register weddings, the company takes the first and last names of both partners, the date of the wedding, the number of guests attending, and the postal address.
This data is then not only made publicly available, but also automatically sent to The Knot service. For baby registries, on the other hand, Amazon accepts first and last names, expected due dates, whether the child is the parents’ first child, and a mailing address.
Visibility settings are the same as for wedding registries, except the data goes to The Bump, What to Expect, and Baby Center instead of The Knot.
All in all, there’s a lot of good data here identity theft (opens in a new tab) campaign – and there’s something particularly ominous about that, given that fraudsters can easily obtain the identity of dead children and use it to launch various cybercrime campaigns.
Although at first glance only data from 2020 is available, the real situation is much worse. Just by playing around with Amazon’s search engine, you can return results from 2004.
While Amazon does give users the option to delete registries, some people never do.
TechRadar Pro Amazon has been contacted for comment.
- This the best firewalls (opens in a new tab) there at the moment
Via: Interception (opens in a new tab)
https://www.techradar.com/news/your-amazon-wedding-registry-definitely-isnt-as-private-as-you-think/
