This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.
After a person claiming to be a security researcher "declared war on the Baton Rouge police" and took credit for the data breach after the shooting death of Alton Sterling, he took aim at Amazon.
The data included names, addresses, passwords, user agents, IP addresses and more. He claimed, "When they first got Kindles and set them up, all their stuff was being logged and put into a database." 0x2Taylor sent Mic emails and passwords to try to "legitimize the breach."
0x2Taylor claims to have informed Amazon; he posted a screenshot to prove he had the data and attempted to extort $700 from Amazon in exchange for not disclosing the breach "because the attack was easy." He allegedly hoped this would push Amazon into implementing better secure measures.
Although he "personally" didn't want to leak the data, he said, "If I don't receive a payment from them the data will be posted online along with an older dump."
Amazon reportedly ignored his warning, so he uploaded the data to Mega cloud storage and tweeted a link to the leak.
He called Amazon "a big company and they should have enough money to have the proper security defenses." He added, "I was trying to prove [to] them privately but they were ignoring my warnings."
Tony Gambacorta, VP of operations at cybersecurity firm Synack, told Mic that the data seems to be legit.
Looking through the leaked information, Gambacorta said he was "definitely" able to see phone numbers, street addresses, email addresses, the last time a user logged in (7:33 p.m. on June 5th of this year, meaning this isn't old data), how many times that user tried to log in, how many times he successfully logged in and his login source IP address.
Yet Gambacorta called it more of a privacy issue than a security issue since it seems likely the passwords were "auto-assigned by a system." He added, "I wouldn't want to find my name on this list."
Dumped data for actual Kindle users or not?
I checked out the data, too, choosing five names at random. Google Maps placed three of the addresses in locations without houses, such as in the middle of the woods, or half way between two houses down a country road.
Sign up for CIO Asia eNewsletters.