Amazon's Older Account Passwords Are a Hacker's Dream Come True

And the reason seems alarmingly stupid.

As a reader of Reddit pointed out late last week, older Amazon account passwords are not case-sensitive and only read up to eight letters.

For example, say that your password is "beastmode24"--then the following combinations of passwords will also work: beastMODE24, beastmod, beastmode99, beastmodwhatever, beastmodI'LLSTEALYOURCREDITCARDINFO, etc.

Basically, if someone has a password breaker like the old ones that just try random numbers and letters until they get it right, it only needs to get the first eight characters correct, in any mix of upper and lower case; anything after that doesn't matter.
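The behaviour described above, modelled as an added example (not Amazon's code, whose implementation has not been published): a verifier assumed to lowercase the input and cut it to eight characters, next to a strict one, plus a probe you can point at your own login check. All class and function names are hypothetical, and the 36- and 62-symbol alphabets in the usage note assume passwords made only of letters and digits.

```python
import hashlib
import hmac
import math
import os


def _kdf(pw: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, 10_000)


class LegacyVerifier:
    """Assumed model of the reported behaviour, not Amazon's implementation:
    the password is lowercased and cut to 8 characters before hashing."""

    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self.digest = _kdf(self.normalize(password), self.salt)

    @staticmethod
    def normalize(pw: str) -> str:
        return pw.lower()[:8]

    def verify(self, candidate: str) -> bool:
        got = _kdf(self.normalize(candidate), self.salt)
        return hmac.compare_digest(got, self.digest)


class StrictVerifier(LegacyVerifier):
    """Hashes the password exactly as typed."""

    @staticmethod
    def normalize(pw: str) -> str:
        return pw


def audit(verifier_cls, password: str = "beastmode24") -> dict:
    """Probe a verifier with variants of a known-good password."""
    v = verifier_cls(password)
    return {
        "case_ignored": v.verify(password.swapcase()),
        "tail_ignored": v.verify(password[:-2] + "99"),
        # Shortest prefix that still logs in = characters actually checked.
        "checked_chars": next(n for n in range(1, len(password) + 1)
                              if v.verify(password[:n])),
    }


def search_space_bits(symbols: int, length: int) -> float:
    """log2 of the number of candidates a brute-force search must cover."""
    return length * math.log2(symbols)
```

`audit(LegacyVerifier)` reports both flags set and 8 checked characters, while `audit(StrictVerifier)` reports neither flag and all 11 characters checked. Under the stated alphabet assumption, `search_space_bits(36, 8)` is about 41 bits against about 65 bits for `search_space_bits(62, 11)`.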

Amazon still hasn't published any information on the matter, and as the Reddit user ridethewave pointed out:

"Why can I login with variations of this password? Any combo of numbers on the end, both upper and lower case work, etc. I just had an impossible conversation with someone at Amazon who just couldn't understand what I was trying to explain."

So what can be done?

Despite Amazon's silence on the matter, it seems that the answer is simply to change your password.

New passwords are seemingly exempt from the code flaw.

Why it takes a bunch of customers to point this out and not Amazon itself is beyond us.

 