I know that some people feel very defensive on the issue of DRM. They believe that having it is necessary and that anyone who says they are against it, or says they want to remove it, is a dirty, filthy pirate who is out to destroy us all. But as a customer who actually does pay money for media I consume, I do feel that removing the DRM for my personal use is a perfectly justified fair use, and the events of this weekend just prove why: my Amazon account was hacked!

I received an email on Saturday that Amazon had detected unauthorized activity in the form of a large gift card purchase made with a credit card not associated with my Amazon account. They had suspended my account and suggested that I open a new one in order to continue my Amazon patronage. After taking steps to verify that this was a legitimate email, I spoke with someone (by phone) at Amazon CS to try and work out a solution. While I appreciated their concern for my account’s safety, and their swift response when they detected something amiss, I was concerned that if I did as they suggested and set up a whole new Amazon account, I would lose access to all my previous Kindle purchases!

I do have them backed up to my computer, of course. But not everybody does. They don’t because Amazon tells them they can just re-download it off their servers later if they want to. And that’s fine as long as Amazon’s servers are willing to dispense them to you, but as soon as they are not—for whatever benign or less benign reason—you are SOL unless you made a backup. And saying that you want the right to make this backup (and remove the DRM, if necessary, so that you are free to use these books again on another device if something like this little fiasco occurs) is perfectly justified to me.

I do use the sync feature to read across my multiple devices and I wasn’t prepared to give that up for all the Kindle purchases I have made already. I asked them if they could transfer my books to a new Amazon account and they said they did not have that capability, but that they could submit a request to have my account be reinstated and that as long as I changed my password, I would be secure again. But I’ll have to wait until business hours on Monday to find out if this has been done and if I’m good to go. In the meantime, at least I do have backups of my books so I can read if nothing else!

On a final note, I did some digging and it turns out I am not the only person who has had this situation. Several Kindle customers who reported similar issues were able to trace the security breach to a recent hack of the Sony servers. I do have an account at the Sony store, although I have not used it in a while, so perhaps the problem originated there. All I can do about it now though is change all my passwords and hope that Amazon restores my account on Monday and doesn’t make me start all over again. And of course, I can keep backing up my books!

9 COMMENTS

  1. What you said here: “I do have them backed up to my computer, of course. But not everybody does. They don’t because Amazon tells them they can just re-download it off their servers later if they want to.” …is exactly right. What use is the cloud, really, if I have to make sure I have my own backups in case of a situation like yours? And would those backups work on my Kindle, if my account information changed? I hope you are able to resolve this. Please post again with an update to let us know if you were able to recover your account and books.

  2. Joanna, it sounds like you might have had the same password at both Sony and Amazon. When you change your passwords, make sure that you use a different password at each site. For example, use a mnemonic, like “This Is My Account at AMazon.Com” becomes “tim4bnDc” (note the A-M switches to B-N which is the next letter of the alphabet, not Barnes & Noble!). Even better, have a different mnemonic for classes of sites, like one mnemonic for banks, another one for retailers, and another one for sites where you never buy anything (like forum sites). It’s still easy for you to remember, but not something the hackers will get unless they’ve hacked your PC, or a whole bunch of sites.

  3. Yes, I am one of those bad people that uses the same password for everything. Lesson learned! And another lesson: when they sent me those ‘here are the details of your new account’ emails, I used to save them—IN my email folder! So anyone who got into my email could find them! Sooooo stupid. I just got an email from Amazon that my password has been resent, and I was able to follow their instructions to choose a new one and log into my account. I need to get Keepass or something and start keeping a more organized list of where I log in and what my passwords are. Lesson learned! And my point remains: back up your stuff, even if you have to tweak the files to do it. Because if something like this happens to you, you could be totally screwed.

  4. Joanna, I can highly recommend Keepass combined with some kind of cloud backup service (I use Dropbox), especially if you want to save passwords for other software than web browsers, or simply crucial data. If you just want to use it for web use however, there are other services like lastpassword and 1password which may be easier to use and integrate. Pick a program you like, as long as you pick something. Using the same password for multiple sites is a recipe for disaster in the long run, and a good password manager can also help improve the security of your existing passwords by generating more secure ones.

  5. Backing up your books on your own computer will serve only as long as you have that particular Kindle they were downloaded to in the first place. If your Kindle were to go bad and you got another, the downloaded books would be useless, so taking good care of those passwords, and having different ones is better.

  6. You made more headway than I did. When my account was hacked a couple years ago, they said there was absolutely no way to have my account reinstated and that I would have to start a new account. However, they did credit me for all my Kindle purchases, which, of course, I had backed up sans DRM. So I lost all my Amazon search and purchase history, which I considered valuable, but I did get some free ebooks for my trouble.

  7. You could look at it another way: As a case for better account security, to prevent hacking in the first place. Strange that everyone seems to think loose security is a good idea; how secure can you expect to be behind a lock made of cardboard? Then accounts get breached, and everyone is surprised and upset… There’s nothing wrong with backing up your files, of course. However, you should still be taking reasonable precautions when dealing on the web, and avoiding companies that can’t provide a secure transaction. There are too many predators on the web to risk yourself in insecure situations. Further, Amazon should be taken to task for letting this happen in the first place, as opposed to being thankful that they told you after the fact that you’d been compromised. Fat lot of good it did you to know afterward; by the time they’d discovered the hack and gotten around to telling you, every account you had (with the same password) could have been attacked. Maybe backing up your books would have saved them… but what good would that be if your financial accounts had been rifled or your credit ruined? Bottom line: Being secure is most important. If you can’t be secure, you should seriously consider doing business elsewhere.

  8. For the utmost time, most ‘pro DRM’ people really don’t have an issue with DRM circumvention for these types of issues. The problem is that many honest people (and people who claim to be honest) believe that this is the most common reason for DRM circumvention, and that’s just not likely the case. If you’re not willing to accept the reality that a lot of DRM circumvention is for piracy, you’re displaying your unwillingness (perhaps inability?) to have a rational discussion on DRM, piracy, and its effects on publishers and consumers. Unfortunately, that describes most people on this site.
