[FALSE] 80,000 Amazon Login Credentials Leaked

geekmaster · 08-10-2016, 01:47 PM

https://www.hackread.com/amazon-suff...curity-breach/

"HACKER LEAKED 80,000 AMAZON KINDLE LOGIN CREDENTIALS BECAUSE THE COMPANY WOULDN’T RESPOND TO HIS SECURITY REPORT! A hacker going by the online handle of 0x2Taylor has claimed to breach the servers of electronic commerce giant Amazon ending up leaking login credentials of 80,000 users. ... When they first got Kindles and set them up, all their stuff was being logged and put into a database that includes a user’s email, password, city, state, phone number, zip code, user-agent, LastLoginIP, Proxy IP and street. ... This is not the first time when Amazon had their server breached. In November 2015, Amazon started sending out emails to its users asking for a quick password reset, the reason was a possible breach of some of the users’ credentials. Though Amazon has its own bug bounty and vulnerability reporting program yet it is unclear why the firm did not respond to the hacker."

AnemicOak · 08-10-2016, 03:41 PM

Another posting on this...
http://securityaffairs.co/wordpress/...on-server.html

Quote:

I reached the Security Researcher at the Cylance SPEAR Team Brian Wallace (@botnet_hunter) for a comment:

... SNIP...

Based on this evidence, I believe the data released is not representative of actual Amazon users, but instead this information was generated. It is not clear whether this information was generated by the individual who released the information, or if it was generated by a third party, and that information was then obtained by the individual who released it.

So was it a real breach or???

HarryT · 08-10-2016, 04:32 PM

The article suggests not.

barryem · 08-10-2016, 06:51 PM

The article seems to criticize Amazon for not paying $700 to prevent the release of the data. Personally, if I understand this situation correctly, I think Amazon was right. Paying blackmailers just invites more of them.

Barry

NullNix · 08-11-2016, 06:21 AM

Quote:

Originally Posted by barryem

The article seems to criticize Amazon for not paying $700 to prevent the release of the data. Personally, if I understand this situation correctly, I think Amazon was right. Paying blackmailers just invites more of them.

Barry

Paying blackmailers who made up data and blackmailed you with stuff that isn't even blackmail-worthy, doubly so. (Is fraudulent extortion a worse crime than extortion?)

HarryT · 08-11-2016, 07:17 AM

Expecting a large company to react to something in less than 3 days is also somewhat unrealistic. This was not at all a professional way for someone who claims to have discovered a security hole to behave; the way that "Branch Delay" handled the situation is an exemplary example of how to do it right.

Zeebra · 08-11-2016, 08:44 AM

I use 2-factor authentication with my Amazon account, so even if someone manages to get your password, they still can't login to your account unless they have the specific token generated and sent to your phone. I recommend everyone to set this up on your accounts.

HarryT · 08-11-2016, 09:21 AM

Quote:

Originally Posted by Zeebra

I use 2-factor authentication with my Amazon account, so even if someone manages to get your password, they still can't login to your account unless they have the specific token generated and sent to your phone. I recommend everyone to set this up on your accounts.

How does one do this?

AnemicOak · 08-11-2016, 10:49 AM

Quote:

Originally Posted by HarryT

How does one do this?

https://www.amazon.com/gp/help/custo...deId=201596330
https://www.amazon.com/gp/help/custo...deId=201962420

But, I don't know if it's available on Amazon UK yet.

An earlier workaround for the UK...
http://www.techworld.com/security/ho...y-now-3631955/

HarryT · 08-11-2016, 11:17 AM

Thanks, Brian. No, it's not officially available on Amazon UK, and I'd rather not try to fool Amazon's systems when it comes to account security.

Barbara1955 · 08-13-2016, 04:01 PM

This thread is no more that Propaganda! And the PTB should DELETE the Whole thread.

Cinisajoy · 08-13-2016, 06:00 PM

Quote:

Originally Posted by Katie1

This thread is no more that Propaganda! And the PTB should DELETE the Whole thread.

Well then why don't you report it instead of saying the PTB need to delete it.
And I haven't seen any PTB here. I have seen a few mods.

Should I ask what a PTB is? Anything close to the PTL which my tablet wanted to write?

JaneD · 08-13-2016, 06:15 PM

Quote:

Originally Posted by Cinisajoy

Well then why don't you report it instead of saying the PTB need to delete it.
And I haven't seen any PTB here. I have seen a few mods.

Should I ask what a PTB is? Anything close to the PTL which my tablet wanted to write?

I believe it's the "Powers That Be" - i.e. the Mods.

Cinisajoy · 08-13-2016, 06:19 PM

Quote:

Originally Posted by JaneD

I believe it's the "Powers That Be" - i.e. the Mods.

I was thinking Pink Teddy Bears.
Though it is possible I have been on here too long today.

geekmaster · 08-14-2016, 12:57 AM

Quote:

Originally Posted by Cinisajoy

Well then why don't you report it instead of saying the PTB need to delete it. ...

I think somebody wants to PTB to the PTBs.

08-10-2016, 01:47 PM	#1
geekmaster Carpe diem, c'est la vie. Posts: 6,433 Karma: 10773668 Join Date: Nov 2011 Location: Multiverse 6627A Device: K1 to PW3	[FALSE] 80,000 Amazon Login Credentials Leaked https://www.hackread.com/amazon-suff...curity-breach/ "HACKER LEAKED 80,000 AMAZON KINDLE LOGIN CREDENTIALS BECAUSE THE COMPANY WOULDN’T RESPOND TO HIS SECURITY REPORT! A hacker going by the online handle of 0x2Taylor has claimed to breach the servers of electronic commerce giant Amazon ending up leaking login credentials of 80,000 users. ... When they first got Kindles and set them up, all their stuff was being logged and put into a database that includes a user’s email, password, city, state, phone number, zip code, user-agent, LastLoginIP, Proxy IP and street. ... This is not the first time when Amazon had their server breached. In November 2015, Amazon started sending out emails to its users asking for a quick password reset, the reason was a possible breach of some of the users’ credentials. Though Amazon has its own bug bounty and vulnerability reporting program yet it is unclear why the firm did not respond to the hacker."

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
A Leaked Contract Reveals that Amazon Insists on DRM	DonaldL.	News	41	10-25-2013 09:54 AM
Amazon Launches 'Login and Pay with Amazon' for a Seamless Buying Experience	DreamWriter	News	7	10-10-2013 02:06 PM
rating:false works but ISBN:false does not?	rahlquist	Calibre	2	06-01-2012 03:48 PM
Amazon Kindle 2 info, photos leaked	igorsk	News	104	10-09-2008 12:13 PM

08-10-2016, 04:32 PM	#3
HarryT eBook Enthusiast Posts: 85,544 Karma: 93383043 Join Date: Nov 2006 Location: UK Device: Kindle Oasis 2, iPad Pro 10.5", iPhone 6	The article suggests not.

08-10-2016, 06:51 PM	#4
barryem Wizard Posts: 2,459 Karma: 68781975 Join Date: Oct 2012 Location: Arkansas Device: Paperwhite 4	The article seems to criticize Amazon for not paying $700 to prevent the release of the data. Personally, if I understand this situation correctly, I think Amazon was right. Paying blackmailers just invites more of them. Barry

08-11-2016, 07:17 AM	#6
HarryT eBook Enthusiast Posts: 85,544 Karma: 93383043 Join Date: Nov 2006 Location: UK Device: Kindle Oasis 2, iPad Pro 10.5", iPhone 6	Expecting a large company to react to something in less than 3 days is also somewhat unrealistic. This was not at all a professional way for someone who claims to have discovered a security hole to behave; the way that "Branch Delay" handled the situation is an exemplary example of how to do it right.

08-11-2016, 08:44 AM	#7
Zeebra Evangelist Posts: 461 Karma: 956567 Join Date: Oct 2010 Location: Toronto, Canada Device: Kindle Oasis 3	I use 2-factor authentication with my Amazon account, so even if someone manages to get your password, they still can't login to your account unless they have the specific token generated and sent to your phone. I recommend everyone to set this up on your accounts.

08-11-2016, 11:17 AM	#10
HarryT eBook Enthusiast Posts: 85,544 Karma: 93383043 Join Date: Nov 2006 Location: UK Device: Kindle Oasis 2, iPad Pro 10.5", iPhone 6	Thanks, Brian. No, it's not officially available on Amazon UK, and I'd rather not try to fool Amazon's systems when it comes to account security.

08-13-2016, 04:01 PM	#11
Barbara1955 Non-Techy Posts: 4,454 Karma: 15499273 Join Date: Feb 2011 Location: WV---USA Device: Samsung Cell Phone & Amazon Fires & Kobo eReaders	This thread is no more that Propaganda! And the PTB should DELETE the Whole thread.

Advert

Advert