Published on July 10th, 2016 | 1,279 views
80k Amazon Users’ Passwords and Personal Information Leaked Amazon Kindle Servers Breached
Hacker claims to have breached an Amazon server containing 80,000 login credentials
A hacker going under the alias of ‘0x2Taylor’ claims to have breached an Amazon server, which comprises of more than 80,000 usernames and passwords of Kindle users. The hacker release the information after the online retail giant failed to pay attention to his warnings about vulnerabilities in its servers. 0x2Taylor is the same hacker who took credit for the data breach suffered by the Baton Rouge police department after the shooting of Alton Sterling.
I am amazon, i fail at securing data for 80K users. i ignore warnings. be like me today ~ #0x2Taylor
In a Twitter direct message, he said that he and a friend “breached a server” owned by Amazon that contained database files with more than 80,000 Kindle users’ information.
“When they first got Kindles and set them up, all their stuff was being logged and put into a database,” @0x2Taylor said. He added that the database includes a user’s email, password, city, state, phone number, zip code, user-agent, LastLoginIP, Proxy IP and street.
0x2Taylor also confirmed to have verified the validity of the credentials. He also added that he asked $700 payment from Amazon not to disclose it (which was ignored), that is when he posted a screenshot of the data to prove ownership of it.
“Personally I don’t want to leak the data,” he said.
He tweeted a screenshot of the leaked information to Amazon at 9:35 a.m. Eastern. At 10:17 a.m., he said in a direct message, “It’s going up now. They’re ignoring me.”
“They’re a big company and they should have enough money to have the proper security defenses,” he added. “I was trying to prove them privately but they were ignoring my warnings.”
With the information now available publicly, 0x2Taylor said he’s no longer seeking any contact with Amazon. “At this point I don’t really want to help them,” he said. “I think I’ve done enough damage as it is.”
He posted a screenshot of the information on Twitter before finally uploading the full database to the cloud storage service Mega cloud storage service.
@0x2Taylor hopes that this will prompt Amazon to implement better security measures to prevent these types of attacks against their systems.
0x2Taylor acknowledged the potential harm the information could have to those who appear in the database, stating that “the data in there could be classed as sensitive.” He suggested users to update their passwords as soon as possible, inviting them to do it on a regular basis.
Not too long ago, Amazon reset a whole load of users’ passwords because they had not been stored correctly (although there is no proof that it was leaked publicly); however, this breach looks far more severe.