Hacker releases Amazon Kindle user data after company fails to respond

Hacker releases Amazon Kindle user data after company fails to respond
A hacker going by the name Ox2Taylor released sensitive information about 80,000 Amazon Kindle users earlier this week after Amazon did not respond his warnings of a significant security risk within their servers.

Ox2Taylor says he tried to contact Amazon last week to tell them of the vulnerability but did not receive any response. He was seeking a $700 bounty from Amazon for revealing the vulnerability as well as an explanation on how to fix it. "They're a big company and they should have enough money to have the proper security defenses," he added.

In the database are usernames, passwords, address, phone number and IP address of over 80,000 users.

After a few days in which Amazon did not even acknowledge the bug, he released the whole list via a zipped file on the cyberlocker Mega. It has since been taken down. "I was trying to prove them privately but they were ignoring my warnings," he said.


Written by: Andre Yoskowitz @ 13 Jul 2016 22:06
Amazon Hacker
Advertisement - News comments available below the ad
  • Menion

    "He was seeking a $700 bounty" Not getting the money so throw a fit and compromise everyone elses information? Wish black hats like this could simply be disposed of, we could use a lot less of them.

    15.7.2016 21:27 #1

  • Bozobub

    Perhaps, but the idiot(s) who brushed him off are also part of the equation. Oops!

    17.7.2016 15:03 #2

  • SomeBozo

    Tough issue. I wonder who and how he contacted that people at Amazon. Working in Redmond, a lot of people i know moved from Microsoft over to Amazon. I know many Amazon developers and if then knew anything about a security hole, they would normally drop everything and ensure it is fixed/patched asap. Also in general i've know a few people if/when they find security holes in a MS product, and they handle the issue properly, as this guy said he tried to do, in the end the least amount i've heard people receiving was 2K US, for finding and reporting. I can't think Amazon would be different in this regard either. The couple of incidences I knew involving MS, the people never even asked to get paid at all, it was MS that wanted to say thanks and took it upon themselves to say thanks and reward the people.

    So it leaves me to wonder who this guy tried contacting, one of the outsource customer service reps in the Philippines?

    23.7.2016 15:23 #3

© 2024 AfterDawn Oy

Hosted by
Powered by UpCloud