Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Hacker claims to have breached Amazon server, dumped data on nearly 84,000 Kindle users

Ms. Smith | July 11, 2016
A hacker claims to have breached an Amazon server containing info on over 80,000 Kindle users. Amazon ignored his $700 demand to keep quiet, so he leaked the data. But the list may not actually represent real Amazon users.

As for phone numbers for those five people, none of the calls connected; three gave an error message about the "number or code you dialed is incorrect," one had a weird fast busy signal, and the fifth resulted in "the person you called is unavailable right now."

All of the email addresses seem to be in a weird format, such as,, For each of the five names, the corresponding passwords wereway too random, too secure, ranging from 8 to 11 capital letters mixed with numbers. Of course, that was testing only five of the reportedly 83,899 individuals included in the data dump.

Brian Wallace, aka @botnet_hunter, is a security researcher and member of the Cylance SPEAR team. He examined the Amazon data and found quite a few problems. He believes"the data does not belong to legitimate users and there is no need for concern to Amazon users." The data has been generated, Wallace said, but he is not sure if it is "fake data or bot accounts."

Wallace told Security Affairs that the 83,899 email addresses "only resided on Gmail, Yahoo or Hotmail" and the passwords were "random upper case letters and numbers, with no words and no occurrences of popular passwords."

He added that the user agents also "did not represent legitimate user behavior" and appear to have been "picked from a short list at random." A large amount of the "last IP" addresses belong to ColoCrossing and at least some of the users would not have connected from a data center.

In other words, don't sweat it. Wallace concluded:

Based on this evidence, I believe the data released is not representative of actual Amazon users, but instead this information was generated. It is not clear whether this information was generated by the individual who released the information, or if it was generated by a third party, and that information was then obtained by the individual who released it.

Source: NetworkWorld


Previous Page  1  2 

Sign up for CIO Asia eNewsletters.