The Consumerist has a cautionary tale today.
An Amazon customer bought a Kindle, but the package went astray in shipment. Amazon immediately sent another one, however:
My suspicions were confirmed. Someone else had gotten their hands on the first Kindle lost in shipment and because the Kindle came preloaded with my name, email, address and credit card information, this person(s) was able to make purchases on this Kindle. I spoke with the customer service agents who after understanding did their best to help me. They refunded all the purchases that were made. By the time I discovered this, the fraudulent user had made several big purchases of entire TV seasons. They also deactivated the Kindle so the person could no longer use it. …
I love Amazon. They make my life so much easier. What I do not like is them sending out extremely critical information pre-loaded onto Kindles. No one should be able to simply open a box and begin purchasing items on someone else’s credit card. I am lucky the user of the lost Kindle seemed to not really understand this because they didn’t begin purchasing anything until they were 3 days into it.
I am usually quite careful with my personal information, and it really bothered me that it was so available to someone else. I just wanted to let the Consumerist know about this so prospective buyers of Kindles or other electronic products can be wary of what is being stored in the device before you ever get your hands on it. …
This isn’t new info. The first week the Kindle Fire shipped this problem of the device being preconfigured for one click shopping for the purchasers Amazon account was reported – someone’s Kindle Fire was shipped and the shipper gave it to the wrong person.
I don’t have the reference handy but I thought Amazon fixed this. It might even have been reported here.
The fact that the Kindle is tied to an Amazon account and is just so darn easy to purchase something is a good reason to power up password protect the device. Even a simple four character password would probably be enough to deter an interloper from using a “found” Kindle from purchasing movies and such.
A Kindle has two pieces of personal information: the purchaser’s name and the Kindle email address. (Since the Kindle email address only allows reception from pre-approved addresses, that’s of little consequence.) Neither the owner’s address nor his/her credit card number is located on the device. I’m suspicious of the entire story because Amazon would have deactivated the device immediately after being notified that it was lost. The Consumerist should vet these stories before releasing them with little or no disclaimer.
Timothy is correct, address and credit card info are NOT stored on the device in any way. It’s true that the user could OneClick purchases but the actual data is not compromised unless the fradulent user somehow guesses the password for the Amazon account itself.
If a stolen device is a concern, don’t pre-register it, purchase it as a gift, then register it when you get it.
The name and address would have been on the package.
Common and Timothy: …except that the story (in the excerpt quoted above, in fact) points out that the purchases were made with OneClick and that the customer didn’t report it stolen until several days had passed.
This is a non-story and a waste of bandwidth. Since no credit card number is stored on the Kindle, the risk of loss to the customer is negligible. Any package or piece or mail could be stolen and result in a similar or greater loss.
@Dan: “This is a non-story and a waste of bandwidth. Since no credit card number is stored on the Kindle, the risk of loss to the customer is negligible.”
You seem to be missing the point.
If your Kindle is set up for OneClick shopping with Amazon, someone who comes into possession of your Kindle (however they do it) doesn’T NEED your credit card number to purchase things from Amazon and charge it to YOUR card. Sure, Amazon will eventually fix things — they’re normally good about such problems — but that doesn’t make it any better if you can’t use your card until they do fix it.
Also, If it’s a regular Kindle, and all they are doing is buying books… that might not seem like a big deal. But the problem here (though I don’t recall this outdated post on The Consumerist specifically says the type of Kindle ) is if it is a Kindle Fire, anyone in possession of it, until you can get Amazon to do something, they can buy anything they want from Amazon that you could have, using YOUR card.
And while a password on the device MIGHT (not sure how secure they are) protect you from the above if your Kindle is stolen, that wasn’t the issue in the original article. It was stolen BEFORE the purchaser took possession of it so it didn’t HAVE a password lock on it yet.
Not so simple now is it?
The Next Web has an article on 12/20/2011 about this very issue with the advice someone gave above.
“they can buy anything they want from Amazon that you could have, using YOUR card.”
FYI, the purchase of non-digital items requires that the password be entered.
Yes. Still sounds like a non-issue to me. Amazon wouldn’t send me a Kindle Fire all set up for one-click purchasing of physical items when I’m not even set up for that on my computer. Plus I’ve always found their customer service to be great, so I’m confident that they would promptly reverse any unauthorized digital purchases. Even the headline here (“someone can get your credit card info”) is misleading and, well, wrong.