In the movies, the only thing a hacker needs to break into someone's account is a magic "hacking" program or a lucky guess at a password. Accounts in the real world are a bit tougher to tackle head-on, as long as you have a strong password and security question.
That's why hackers look for shortcuts, such as slipping a password-stealing virus onto your computer or using social engineering. If you haven't heard the term, "social engineering" is just a fancy way of saying "lying to someone to get the information you need." Phishing emails and phone scams are two common examples. The latter is what seems to have happened at Amazon.
Eric Springer is an Amazon customer who claims that an unknown attacker has gotten his information, twice, because of Amazon's customer service staff. Springer claims that an impostor contacted Amazon customer service and, using very basic information about him, including an incorrect physical address, got more information about him, including his correct address.
Using that information, the impostor contacted Springer's bank and got it to issue a new copy of Springer's credit card. After Springer worked with the bank to get a new credit card, the impostor used the same trick to try to get Springer's new card number. Springer believes they eventually succeeded in getting at least the last four digits after a phone call with Amazon customer support.