Ox2Taylor says he tried to contact Amazon last week to tell them of the vulnerability but did not receive any response. He was seeking a $700 bounty from Amazon for revealing the vulnerability as well as an explanation on how to fix it. "They're a big company and they should have enough money to have the proper security defenses," he added.
In the database are usernames, passwords, address, phone number and IP address of over 80,000 users.
After a few days in which Amazon did not even acknowledge the bug, he released the whole list via a zipped file on the cyberlocker Mega. It has since been taken down. "I was trying to prove them privately but they were ignoring my warnings," he said.
Source:
DailyDot
Written by: Andre Yoskowitz @ 13 Jul 2016 22:06