11 Jul 2016
When Amazon didn’t take a hacker’s warnings of vulnerabilities seriously, he released the usernames ad passwords to over 80,000 of their users. The hacker, who goes by the handle ox2Taylor, claims to have beached one of the retailer’s servers. After attempting to contact Amazon to notify them and getting no response, he felt the best way to draw attention to the problem was release the information.
The server apparently contained personal data of over 80,000 Amazon Kindle users. Within this information was usernames, passwords, addresses, phone numbers, and the IP address from their most recent login.
According to ox2Taylor, he requested $700 in order to point out the security flaw and how to correct it. Unlike most other major sites, Amazon does not have a bug bounty program, though it does have a page for reporting and will give gifts to those that do, but no cash.
Feeling that drawing attention to Amazon’s security issue was more important that the privacy of the user’s whose information was published, ox2Taylor released the data. When asked about how the release of this information would affect the users involved, he suggested they update their passwords and do so regularly.