CassandrichFeb 26

PSA: The Amazon wishlist doxing threat is much greater and more immediate than folks might realize. Attack works like this:

Stalker who wants your address opens an Amazon seller account and lists themselves as a third party seller for any item on your public wishlist. Then, they order the item from themselves as a gift for you. Bam, they have your address.

In particular, attack does not depend on an existing third party seller having poor PII handling hygiene, like the articles have implied.

Show threadCassandrichFeb 26
The only mitigations are refraining from using public wishlists entirely (set any wishlists you may have to private) or using a PO box or reshipping service to conceal your real physical/final address.
Show threadRay McCarthyFeb 26
@dalias
Never make a "wishlist" public, or share it.
Show threadDarwin WoodkaFeb 26

@raymaccarthy @dalias

That would be nice, but a lot of people are using them as teachers for classroom supplies now or charities using them to get donations of supplies they need.

Show threadRay McCarthyFeb 26
@darwinwoodka @dalias
They can share what they need as an item that the donor buys? No need to share an account's "wishlist".
Show threadMatthew Miller

@raymaccarthy @darwinwoodka @dalias

That's.... what a "wishlist" _is_.

Feb 27 at 1:48amWeb