Reply to post: Re: Devices generally have an api type login

A stranger's TV went on spending spree with my Amazon account – and web giant did nothing about it for months

Anonymous Coward
Anonymous Coward

Re: Devices generally have an api type login

Anything with "link your account" is always going to be a security hole and especially if a linked device can add a new link using the existing credientials.

IMHO Amazon do not want to publish who is linked to their account for the same as for all the others like steam,fb etc, basically people would be able to remove the link that allows these third parties to spy upon the user and their transactions.

Since Amazon here are taking pains to prevent the user from knowing which third parties can bypass authentication then you cannot see how many fourth parties may have been daisy chained into the loop.

To my mind if a company allows account linking then they are responsible for any fraud that occurs using their system, if they do not allow you to see who is spying upon you then they are intentionally thwarting identity legislation

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon