Reddit users have discovered a security flaw on Amazon that lets you access an older account with an incorrect password. Commenters speculate that Amazon used the Unix crypt() function to hash certain passwords, truncating them to a maximum of eight characters. It's also believed that Amazon converted all the passwords to upper case before storing them on its servers.
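The behaviour described above, as an added example that is not Amazon's code: a verifier that upper-cases and truncates to eight characters before hashing, next to one that hashes the full password. PBKDF2 stands in for the real hash, and the password, salt, and function names are constructed for illustration.

```python
import hashlib
import hmac
import math

LEGACY_MAX = 8                 # traditional DES-based crypt() reads only 8 characters
SALT = b"constructed-salt"     # constructed sample value

def legacy_normalize(password: str) -> bytes:
    """Speculated legacy behaviour: upper-case, then keep the first 8 characters."""
    return password.upper()[:LEGACY_MAX].encode()

def kdf(data: bytes, salt: bytes = SALT) -> bytes:
    # PBKDF2 is a stand-in for the real hash; the iteration count is demo-sized.
    return hashlib.pbkdf2_hmac("sha256", data, salt, 10_000)

def legacy_verify(candidate: str, stored: bytes) -> bool:
    return hmac.compare_digest(kdf(legacy_normalize(candidate)), stored)

def modern_verify(candidate: str, stored: bytes) -> bool:
    return hmac.compare_digest(kdf(candidate.encode()), stored)

def accepted(verify, stored: bytes, candidates):
    """Return every candidate string the given verifier would log in."""
    return [c for c in candidates if verify(c, stored)]

def entropy_bits(length: int, alphabet: int) -> float:
    """Upper bound on password entropy for a uniformly random string."""
    return length * math.log2(alphabet)

PASSWORD = "Password1234"      # constructed account password
CANDIDATES = ["Password1234", "password", "PASSWORD", "Password9999", "Passwor"]
LEGACY_STORED = kdf(legacy_normalize(PASSWORD))   # what the old scheme keeps
MODERN_STORED = kdf(PASSWORD.encode())            # re-stored after a password change

if __name__ == "__main__":
    print("legacy accepts:", accepted(legacy_verify, LEGACY_STORED, CANDIDATES))
    print("modern accepts:", accepted(modern_verify, MODERN_STORED, CANDIDATES))
    # 95 printable ASCII symbols lose the 26 lower-case letters after folding.
    print("12 chars, full alphabet: %.1f bits" % entropy_bits(12, 95))
    print(" 8 chars, case-folded:   %.1f bits" % entropy_bits(LEGACY_MAX, 95 - 26))
```

The entropy figures are upper bounds for random strings; they show why a long password gains nothing under the legacy scheme until it is stored again in full.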
Yea I read about this on Reddit earlier this week, personally it's not a massive flaw if no one has an idea what your password string might be like, but if they had an idea that you use the same pass across the web and know the pass, then you're screwed. Since the gawker incident, I have gone across to using a unique pass per site. My old one was complicated but I used it almost everywhere.
This is alarming, I do all my Online Shopping through Amazon & have around $200 in account all the time.
I have a really long and hard to remember password, but still, anyone can log into my Account, I hope Amazon fixes this Bug soon.
FTA: "In the meantime, you can mitigate the problem by going through Amazon's password change procedure. Your "new" password can be identical to your old one, but it will be stored with improved security."
Simple fix. E-Mails need to be sent out containing this information.
My password was pretty long in hopes that it would be more secure, but maybe it isn't. :/ Though I did change it not too long ago.
I once left my account open at work once and someone bought hand soap with it :/