As a reader of Reddit pointed out late last week, older Amazon account passwords are not case-sensitive and only read up to eight letters.
For example, say that your password is "beastmode24"--then the following combinations of passwords will also work: beastMODE24, beastmod, beastmode99, beastmodwhatever, beastmodI'LLSTEALYOURCREDITCARDINFO, etc.
Basically, if someone has a password breaker like the old ones that just try random numbers and letters until they get it right, then all it needs to do is get the first eight digits correct, then anything after that doesn't matter.
Amazon still hasn't published any information on the matter, and as the Reddit user ridethewave pointed out:
"Why can I login with variations of this password? Any combo of numbers on the end, both upper and lower case work, etc. I just had an impossible conversation with someone at Amazon who just couldn't understand what I was trying to explain."