Amazon Suffers Security Breach; 80,000 Login Credentials Leaked (Updated)

Hacker leaked 80,000 Amazon Kindle login credentials because the company wouldn’t respond to his security report!

A hacker going by the online handle of 0x2Taylor has claimed to breach the servers of electronic commerce giant Amazon ending up leaking login credentials of 80,000 users.

The 597.4 MB leaked data includes usernames and encrypted passwords of Amazon Kindle users. The hacker states he targeted Amazon as the firm did not reply or pay any attention to his reports aiming at critical security flaws in their server. Earlier, 0x2Taylor also claimed responsibility for conducting a cyber attack on Baton Rouge police department when Alton Sterling was fatally shot by two of the city’s police officers.

While talking with Mic, the hacker said “When they first got Kindles and set them up, all their stuff was being logged and put into a database that includes a user’s email, password, city, state, phone number, zip code, user-agent, LastLoginIP, Proxy IP and street.”

Amazon-kindle-servers-breached-hacked-2
Screenshot from the leaked data

0x2Taylor also revealed that he asked Amazon a sum of $700 and in return, he assured that the data will not be leaked however just like the vulnerability report Amazon also ignored his offer and in return he leaked the massive data dump on Mega.nz for anyone to download it.

This is not the first time when Amazon had their server breached. In November 2015, Amazon started sending out emails to its users asking for a quick password reset, the reason was a possible breach of some of the users’ credentials.

Though Amazon has its own bug bounty and vulnerability reporting program yet it is unclear why the firm did not respond to the hacker. We have contacted Amazon and upon their reply, we will update this article.

Update: (4:15 PM Monday, July 11, 2016, Greenwich Mean Time (GMT)

We requested Israeli data mining company Hacked-DB for a quick data check and based on their findings it seems that the user accounts are valid but the compromised passwords are not actually passwords rather they are session keys which reside in the Amazon cookie data. The researchers also analyzed the data and compared it with the current Amazon cookies, and the structure of the data is exactly as can be seen in the data breach, however, they cannot verify where the attack came from; perhaps it could have been compromised by a log file that resides on a hacked server or from an MITM attack in a malicious website.

The data could be compromised by a log file that resides on the hacked server, or from a man in the middle (MITM attack) in a malicious website. In addition, researchers have detected 53,601 cookies that belong to Rubicon Project, an online advertising technology firm based in Los Angeles, California (rubiconproject.com). We can also confirm that the data was extracted from an Azure platform. 

Newest Sales

Written by Agan Uzunovic

Agan Uzunovic is a Bosnian journalist who is working for the country's largest newspaper. He has a keen interest in reporting on activism and hacktivism. He is also a contributor at U.S based Revolution News media. Agan reports and writes for HackRead on IT security related topics.