CassandrichFeb 26

PSA: The Amazon wishlist doxing threat is much greater and more immediate than folks might realize. Attack works like this:

Stalker who wants your address opens an Amazon seller account and lists themselves as a third party seller for any item on your public wishlist. Then, they order the item from themselves as a gift for you. Bam, they have your address.

In particular, attack does not depend on an existing third party seller having poor PII handling hygiene, like the articles have implied.

Show threadrugkFeb 26
@dalias ah that was the mail Amazon sent. They have sent and explained that in a mail…
Show threadCassandrich
@rugk They didn't explain that "third-party sellers" means "anyone who signs up for a seller account, possibly the same person as the 'buyer' who just wants to get your address".
Feb 26 at 8:12pmWeb