• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant

 | 

U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

 | 

IT Worker arrested for selling access in $100M PIX cyber heist

 | 

New Batavia spyware targets Russian industrial enterprises

 | 

Taiwan flags security risks in popular Chinese apps after official probe

 | 

U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

 | 

Hunters International ransomware gang shuts down and offers free decryption keys to all victims

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 52

 | 

Security Affairs newsletter Round 531 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates

 | 

Critical Sudo bugs expose major Linux distros to local Root exploits

 | 

Google fined $314M for misusing idle Android users' data

 | 

A flaw in Catwatchful spyware exposed logins of +62,000 users

 | 

China-linked group Houken hit French organizations using zero-days

 | 

Cybercriminals Target Brazil: 248,725 Exposed in CIEE One Data Breach

 | 

Europol shuts down Archetyp Market, longest-running dark web drug marketplace

 | 

Kelly Benefits data breach has impacted 550,000 people, and the situation continues to worsen as the investigation progresses

 | 

Cisco removed the backdoor account from its Unified Communications Manager

 | 

U.S. Sanctions Russia's Aeza Group for aiding crooks with bulletproof hosting

 | 

Qantas confirms customer data breach amid Scattered Spider attacks

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Data Breach
  • Hacking
  • Hacker breached an Amazon server containing 80,000 login credentials

Hacker breached an Amazon server containing 80,000 login credentials

Pierluigi Paganini July 09, 2016

The hacker behind the Twitter account 0x2Taylor is claiming to have breached one of the Amazon servers containing 80,000 login credentials of Kindle users.

The hacker 0x2Taylor is claiming to have breached an Amazon server containing login credentials of Kindle users. As a proof the hack, the hacker leaked online more than 80,000 credentials belonging to Amazon users, he also explained that the company ignored his warnings about the existence of vulnerabilities in its servers.

0x2Taylor on Twitter, explained to the Daily Dot he had reported to Amazon the flaws three days ago, but without success.

Amazon data breach

The hacked server contained the 80,000 Amazon Kindle user data, including login credentials, city, state, ZIP code, phone number, and the IP address of the user’s last login.

0x2Taylor also confirmed to have verified the validity of the credentials, he also added that he asked $700 payment from Amazon, but the company doesn’t run a bounty program neither acknowledges the hacker’s attempts to contact the company.

“They’re a big company and they should have enough money to have the proper security defenses,” he added. “I was trying to prove them privately but they were ignoring my warnings,” “At this point I don’t really want to help them,” he said. “I think I’ve done enough damage as it is.”

The hacker shared screenshot of the information on Twitter before to upload the full database to the Mega cloud storage service.

0x2Taylor is the same hacker who took credit for the data breach suffered by the Baton Rouge police department after the shooting of Alton Sterling.

0x2Taylor suggested users to update their passwords as soon as possible, inviting them to do it regularly.

Let’s wait for a reply from Amazon. I personally consider useful for companies to operate a bounty program, a flaw reported by white hat hacker could allow any firm to save million of dollar losses resulting from a data breach.

 

UPDATE July 10th, 2016

I reached the Security Researcher at the Cylance SPEAR Team Brian Wallace (@botnet_hunter) for a comment:

“As a security researcher and an Amazon customer, I had a natural curiosity about the supposed breach. Upon inspecting the data, I found that the data did not match expectations of normal user data. The email addresses for the user accounts all appear to match the same format. The format consists of the first initial, then last name followed by a random sequence of letter and numbers. Additionally, all of the email addresses resided on only gmail.com, yahoo.com, or hotmail.com. Seeing that, I counted up the occurrences of each domain used, and found that of the three domains, each one showed up roughly one third of the time. This is not what one would expect to see in a data dump, but this is what one would expect to see if these three domains were picked at random 83,899 times. Given this evidence that the data was generated, I continued to look for further evidence that the information was not representative of legitimate users.

The data provides values for the “last IP” of the user, presumably representing the IP address of the user the last time they logged in. Upon inspecting the IP addresses, I found that a large majority of the IP addresses belong to ColoCrossing, a company which provides datacenters as a service. While it is likely that some Amazon users may be connecting from datacenters, one would expect that these would be the vast minority, and not the majority.

When inspecting the “user_agent” field, presumably the User Agent field provided by the web browser of the user the last time they logged in, I found this also did not represent legitimate user behavior. Similarly to the email domains, it appears that these user agents were picked from a short list at random, as the counts of each user agent were roughly equal. Normally, one would expect to some popular browsers, some unpopular browsers, and far more than 22 different user agents.

The passwords listed in the data are also not representative of legitimate users. All passwords appear to consist of random upper case letters and numbers, with no words and no occurrences of popular passwords. One may assume that some users may randomly generate passwords, but it is exceedingly unlikely that all 83,899 users generated passwords in the same way.

I have not tested any of these user accounts on Amazon.com as that could potentially incur legal risk.

Based on this evidence, I believe the data released is not representative of actual Amazon users, but instead this information was generated. It is not clear whether this information was generated by the individual who released the information, or if it was generated by a third party, and that information was then obtained by the individual who released it.”

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – hacking, data breach)

 


facebook linkedin twitter

0x2Taylor Amazon data breach Hacking

you might also like

Pierluigi Paganini July 08, 2025
Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant
Read more
Pierluigi Paganini July 08, 2025
U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant

    Intelligence / July 08, 2025

    U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

    Hacking / July 08, 2025

    IT Worker arrested for selling access in $100M PIX cyber heist

    Cyber Crime / July 08, 2025

    New Batavia spyware targets Russian industrial enterprises

    Malware / July 07, 2025

    Taiwan flags security risks in popular Chinese apps after official probe

    Security / July 07, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT