
Hacker claims to have breached Amazon server, dumped data on nearly 84,000 Kindle users

Ms. Smith | July 11, 2016
A hacker claims to have breached an Amazon server containing info on over 80,000 Kindle users. Amazon ignored his $700 demand to keep quiet, so he leaked the data. But the list may not actually represent real Amazon users.

This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.

After a person claiming to be a security researcher "declared war on the Baton Rouge police" and took credit for the data breach after the shooting death of Alton Sterling, he took aim at Amazon.

In a Twitter direct message, hacker @0x2Taylor told Mic that he and a buddy "'breached a server' owned by Amazon that contained database files with more than 80,000 Kindle users' information."

The data included names, addresses, passwords, user agents, IP addresses and more. He claimed, "When they first got Kindles and set them up, all their stuff was being logged and put into a database." 0x2Taylor sent Mic emails and passwords to try to "legitimize the breach."

0x2Taylor claims to have informed Amazon; he posted a screenshot to prove he had the data and attempted to extort $700 from Amazon in exchange for not disclosing the breach "because the attack was easy." He allegedly hoped this would push Amazon into implementing better security measures.

Although he "personally" didn't want to leak the data, he said, "If I don't receive a payment from them the data will be posted online along with an older dump."

Amazon reportedly ignored his warning, so he uploaded the data to Mega cloud storage and tweeted a link to the leak.

He called Amazon "a big company and they should have enough money to have the proper security defenses." He added, "I was trying to prove [to] them privately but they were ignoring my warnings."

Tony Gambacorta, VP of operations at cybersecurity firm Synack, told Mic that the data seems to be legit.

Looking through the leaked information, Gambacorta said he was "definitely" able to see phone numbers, street addresses, email addresses, the last time a user logged in (7:33 p.m. on June 5th of this year, meaning this isn't old data), how many times that user tried to log in, how many times he successfully logged in and his login source IP address.

Yet Gambacorta called it more of a privacy issue than a security issue since it seems likely the passwords were "auto-assigned by a system." He added, "I wouldn't want to find my name on this list."

Dumped data for actual Kindle users or not?

I checked out the data, too, choosing five names at random. Google Maps placed three of the addresses in locations without houses, such as in the middle of the woods, or halfway between two houses down a country road.

 
