Re: I got nailed by this
It sounds to me like there is an additional issue with Amazon that allows the fraudsters to gain access to accounts, and then the one being described in the article that allows them to retain it. Maybe an API that doesn't enforce timeouts for bad password attempts, or they're vulnerable to MITM attacks, or maybe they have CSRF issues. There's definitely more to what happened than what is given in the article.