• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

 | 

Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

 | 

Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

 | 

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

 | 

Koske, a new AI-Generated Linux malware appears in the threat landscape

 | 

Mitel patches critical MiVoice MX-ONE Auth bypass flaw

 | 

Coyote malware is first-ever malware abusing Windows UI Automation

 | 

SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

 | 

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

 | 

Stealth backdoor found in WordPress mu-Plugins folder

 | 

U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog

 | 

U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog

 | 

Sophos fixed two critical Sophos Firewall vulnerabilities

 | 

French Authorities confirm XSS.is admin arrested in Ukraine

 | 

Microsoft linked attacks on SharePoint flaws to China-nexus actors

 | 

Cisco confirms active exploitation of ISE and ISE-PIC flaws

 | 

SharePoint under fire: new ToolShell attacks target enterprises

 | 

CrushFTP zero-day actively exploited at least since July 18

 | 

Hardcoded credentials found in HPE Aruba Instant On Wi-Fi devices

 | 

MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Data Breach
  • Hacking
  • Hacker breached an Amazon server containing 80,000 login credentials

Hacker breached an Amazon server containing 80,000 login credentials

Pierluigi Paganini July 09, 2016

The hacker behind the Twitter account 0x2Taylor is claiming to have breached one of the Amazon servers containing 80,000 login credentials of Kindle users.

The hacker 0x2Taylor is claiming to have breached an Amazon server containing login credentials of Kindle users. As a proof the hack, the hacker leaked online more than 80,000 credentials belonging to Amazon users, he also explained that the company ignored his warnings about the existence of vulnerabilities in its servers.

0x2Taylor on Twitter, explained to the Daily Dot he had reported to Amazon the flaws three days ago, but without success.

Amazon data breach

The hacked server contained the 80,000 Amazon Kindle user data, including login credentials, city, state, ZIP code, phone number, and the IP address of the user’s last login.

0x2Taylor also confirmed to have verified the validity of the credentials, he also added that he asked $700 payment from Amazon, but the company doesn’t run a bounty program neither acknowledges the hacker’s attempts to contact the company.

“They’re a big company and they should have enough money to have the proper security defenses,” he added. “I was trying to prove them privately but they were ignoring my warnings,” “At this point I don’t really want to help them,” he said. “I think I’ve done enough damage as it is.”

The hacker shared screenshot of the information on Twitter before to upload the full database to the Mega cloud storage service.

0x2Taylor is the same hacker who took credit for the data breach suffered by the Baton Rouge police department after the shooting of Alton Sterling.

0x2Taylor suggested users to update their passwords as soon as possible, inviting them to do it regularly.

Let’s wait for a reply from Amazon. I personally consider useful for companies to operate a bounty program, a flaw reported by white hat hacker could allow any firm to save million of dollar losses resulting from a data breach.

 

UPDATE July 10th, 2016

I reached the Security Researcher at the Cylance SPEAR Team Brian Wallace (@botnet_hunter) for a comment:

“As a security researcher and an Amazon customer, I had a natural curiosity about the supposed breach. Upon inspecting the data, I found that the data did not match expectations of normal user data. The email addresses for the user accounts all appear to match the same format. The format consists of the first initial, then last name followed by a random sequence of letter and numbers. Additionally, all of the email addresses resided on only gmail.com, yahoo.com, or hotmail.com. Seeing that, I counted up the occurrences of each domain used, and found that of the three domains, each one showed up roughly one third of the time. This is not what one would expect to see in a data dump, but this is what one would expect to see if these three domains were picked at random 83,899 times. Given this evidence that the data was generated, I continued to look for further evidence that the information was not representative of legitimate users.

The data provides values for the “last IP” of the user, presumably representing the IP address of the user the last time they logged in. Upon inspecting the IP addresses, I found that a large majority of the IP addresses belong to ColoCrossing, a company which provides datacenters as a service. While it is likely that some Amazon users may be connecting from datacenters, one would expect that these would be the vast minority, and not the majority.

When inspecting the “user_agent” field, presumably the User Agent field provided by the web browser of the user the last time they logged in, I found this also did not represent legitimate user behavior. Similarly to the email domains, it appears that these user agents were picked from a short list at random, as the counts of each user agent were roughly equal. Normally, one would expect to some popular browsers, some unpopular browsers, and far more than 22 different user agents.

The passwords listed in the data are also not representative of legitimate users. All passwords appear to consist of random upper case letters and numbers, with no words and no occurrences of popular passwords. One may assume that some users may randomly generate passwords, but it is exceedingly unlikely that all 83,899 users generated passwords in the same way.

I have not tested any of these user accounts on Amazon.com as that could potentially incur legal risk.

Based on this evidence, I believe the data released is not representative of actual Amazon users, but instead this information was generated. It is not clear whether this information was generated by the individual who released the information, or if it was generated by a third party, and that information was then obtained by the individual who released it.”

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – hacking, data breach)

 


facebook linkedin twitter

0x2Taylor Amazon data breach Hacking

you might also like

Pierluigi Paganini July 26, 2025
Law enforcement operations seized BlackSuit ransomware gang’s darknet sites
Read more
Pierluigi Paganini July 26, 2025
Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

    Cyber Crime / July 26, 2025

    Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

    Intelligence / July 26, 2025

    Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

    Intelligence / July 25, 2025

    Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

    Security / July 25, 2025

    Koske, a new AI-Generated Linux malware appears in the threat landscape

    Malware / July 25, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT