Apparently someone managed to call Amazon's support, tricked and convinced them into changing my account's email, ordered something, and eventually proceeded to delete my entire account.

Now Amazon's support refuses to help me for data protection reasons 😂

Looks like it's enough to know someone's address to hijack their account.

Follow

@61 Just to be clear: the account got deleted by the hijacker, not by Amazon themselves. Seems it's a useful tactic to further complicate things for the rightful account holder.

@muesli I can only think of two things that happened here: human error or social engineering.

Social engineering, well, someone knows a lot about you. Home addresses, telephone numbers, emails, past purchases, full name, birth date, and so on, that they were able to pass all vital questions. Even the last 4 digits in your cards.

Human error — whoever that agent was did not follow protocols and procedures. In services where credt cards are involved and there were a certain total amount of purchases in the whole account (we call this "high paying/spending customer"), ALL information in your account must be answered correctly, and questions that no one else can ever know, like how many purchases you made, the dates, what was your first purchase, when did you create your account, etc., are also asked.

No form of social engineering can pass such a barrage of verification questions if the agent is doing their job properly. The sad thing here is, most human errors are due to stress, pushing one to their limits, their work environment itself, their work practices, not because the agent was sloppy and irresponsible. Unfortunately, the customers are the ones who suffer the most.

But if you do complain and request an escalation, it will be investigated. Here's the thing, accounts are rarely deleted. It always have some encrypted back up somewhere that will require papers of approvals to be retrieved and decrypted, and only one or two people can see. It is for cases like these. Once proven, especially if you are a high spender, the agent will be terminated and even face a court case and banned from the industry too. (That's how it is even if you say you don't want it to happen to the agent.)

But since the GDPR and mandatory total deletion laws, no records may exist for EU customers. That's the painful catch of the new EU laws. Totally no more records, not even in back-ups, for later investigations or recovery if needed.
Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!