What I would say is that Amazon's security is in keeping with the recourse their customers have in regards to the transactions Amazon conducts - i.e. credit cards have fraud protection and disputed charges can be challenged and the money refunded when fraudulent charges are made. Amazon has balanced costs, risks and benefits for their stockholders.
The wiping of the author's devices was purely due to the level of Apple's security - a level which Apple established based upon the interests of their stockholders. To hold Amazon to a standard which protects Apple's customers (as the article implies) just doesn't hold water - Apple implemented remote wipe, Amazon didn't.
You are absolutely right, the blame here really does fall on Apple. As the article mentions, the information they got from Amazon could have been obtained from a local pizza joint as well.
Even so, this seems like a decent way to compromise amazon accounts. Even though the danger involved when that happens is pretty minimal for the reasons that you mention, it should nevertheless be something that concerns them. Even just things like revealing purchase history is an issue, though of course unlikely to be a lifewrecker like the Apple situation. I can't imagine this process will work with them in a few days. All I meant to say is that they have something to fix, not that they share significant blame.
After some additional thought, I suspect that Amazon has an additional layer of security in the form of algorithms which flag suspicious account activity just as credit card companies do.
Based on the account, it appears that Apple does not - customer support call + password recovery + wipe iPhone + wipe iPad + wipe Macbook did not raise a flag.
Any user can take over my Amazon account in five minutes. That's a security flaw, period.
Yes this is 80% Apple's fault, but Amazon doesn't have the right to give up my credit card digits. They are not public information as suggested earlier; they are only public if I choose to make it so (e.g. by my usage patterns).
They aren't giving up enough information for anyone to use the credit card (which is your card provider's and Amazon's concern). They are only giving up information which Apple foolishly accepts as top-secret. The final four digits are printed on pretty much every receipt I get, and even using a shredder won't often separate them. TBH, Apple's reliance on the credit card number at all (let alone the last four digits) is pretty silly.
Yes, it's a flaw that you can get into someone's account. I was just saying that the credit card information being that available is not a big problem in my mind. Amazon clearly think the credit card should be kept more secure than the account, otherwise the whole number could be shown rather than just the last four digits, and I agree.
The wiping of the author's devices was purely due to the level of Apple's security - a level which Apple established based upon the interests of their stockholders. To hold Amazon to a standard which protects Apple's customers (as the article implies) just doesn't hold water - Apple implemented remote wipe, Amazon didn't.