Amazon’s Customer Identity Theft Story Is Frightening For Two Key Reasons

If you haven’t heard by now, Amazon’s customer service is being blamed for causing the identity theft of one of their customers.

Eric Springer, a regular Amazon shopper and former Amazon software developer, revealed in a Medium post on Sunday that he was the three-time victim of identity theft because of an error in Amazon’s customer service.

In his post, Springer explains that a hacker masquerading as Springer acquired his personal mailing address from an Amazon customer service representative.

Springer knew something was wrong when he received an email from Amazon thanking him for his recent inquiry. When he investigated the matter, he obtained transcripts from a supposed chat conversation he had with an Amazon customer service employee. The hacker provided the representative with Springer’s email address and fake mailing address (Springer uses a fake one for security reasons) and in exchange the representative provided Springer’s real mailing address and phone number. With this information, the hacker was able to convince Springer’s bank to issue a new copy of his credit card.

Related: Why people don’t trust Google and Facebook, according to new survey

Here’s how the conversation between the hacker and the Amazon employee went:

Springer’s story is frightening in two key ways. A) It shows that this type of identity fraud can happen to even the most security-conscious customer, and B) Amazon is one of the most trusted brands in the world, according to various consumer surveys.

Let’s tackle the latter point.

Related: Nielsen will start spying on your Facebook conversations about television

Over the past several years, consumers have consistently ranked Amazon highly in terms of brand trust and customer service. The fact that a company with such an outstanding reputation for both metrics could have a major security breach in their customer service policies is unnerving. Some might argue that Amazon landed in this mess precisely because they pay such close attention to customer service, which by default makes them more lenient with security issues. But this need not be the case. Apple is also one of the most trusted brands with a high customer service ranking, yet somehow they maintain strict security policies that at times even piss off the public.

Secondly, it’s worth noting that Springer is not your average Amazon customer. He is a tech-savvy man who is well-versed in online security issues, hence registering a fake mailing address with Amazon. Even people like Springer are not immune to privacy breaches. Case in point, top intelligence officials such as John Brennan and James Clapper have similarly been hacked in recent months.

What’s the key lesson in all this? Consumer beware. Your data is only as secure as the company you give it to determines.