2007-07-29

Amazon Accounts

I have, for a while, suspected that I have more than one Amazon account associated with my main e-mail address. I've dismissed it as silliness, as, in no sane system, would this be possible, regardless of the fact that recommendations always seem to be incredibly similar.

After having all kinds of crazy things happen to my shopping basket today, I decided to have a poke around.

It appears that I do have two amazon accounts (or possibly more!) associated with my e-mail address, with different passwords. I can easily see this happening, as I have a set of ten or so passwords that I use for random websites, and just guess if I can't remember which it is for the current site.

Showing how "brilliant" their database design is, even though they allow two accounts with the same e-mail address, they check that there are no e-mail-address/password collisions:

"The e-mail address and password that you selected may not be used at this time. Please select a different e-mail/password combination below."

Which basically means "You've just sucessfully guessed someone else's password. Please log-into their account and buy stuff.".

Continuing, even worse, creating a new account with the same e-mail address as an existing account (with a different password, obviously) (note that this doesn't require access to the e-mail account in question) allows you to skim some details from the existing (or one of the existing) accounts. For instance, the "Change your name, e-mail address or password" seemingly always gives me the wrong name.

Dyoooooooooh.

Update:

You can use the "forgot password" form to see if you have more than one account ("We can't seem to identify you using your email address alone."), and the Wishlist Search to guess how many accounts you have.


Commenting is disabled for this post.

Read more of Faux' blog