That’s the trouble with those pesky data breaches…are they true, or not? In the case of the recent alleged attack on Amazon’s servers, we’re still not sure. But that doesn’t stop the news from circulating, or the consumer panic from setting in.
A hacker going by the Twitter handle @0x2Taylor began a series of tweets to the retail giant last week, warning of a security flaw in their servers and threatening to expose tens of thousands of users’ information online if they didn’t fix the security (okay, a semi-noble thing to say) and pay him a ransom of $700 (okay, a complete jerk thing to do). Unless this hacker somehow thought the few hundred dollars should serve as some kind of reward for discovering the vulnerability, that last part is pretty confounding.
Of course, if anyone on the planet doesn’t negotiate with terrorists due to their own belief that they’ve got the best security in the world, it’s Amazon. They didn’t even respond to the threat, and the hacker allegedly uploaded more than 80,000 users’ information to Mega.
Here’s an interesting twist to the story: the information that was uploaded contained emails, passwords, street addresses, IP addresses, and phone numbers. All of that information is fairly innocuous as far as data breaches go, but there’s another aspect that’s causing security experts to raise a skeptical eyebrow: some of the information appears to be fake. Security experts have already openly rebutted the claim, arguing that the hacker just accessed some information from a previous data breach unrelated to Amazon or (even more likely) that he generated the information himself in order to make a quick buck. Among other things like fake phone numbers and street addresses that led to giant empty fields, all of the email addresses are either Gmail, Yahoo, or Hotmail addresses, and all of the passwords are really secure and random combinations of eight to eleven characters…meaning not a single “password1” in sight.
The only thing that really disputes the theory that he generated this data to extort money is the fact that the same hacker has taken responsibility for breaching the Baton Rouge Police Department servers and dumping the private information of its police force on the internet, a move he has stated was retaliation for the police killing of Alton Sterling. Amazon customers are still being cautioned to change their passwords, which is a good thing to do on a routine basis anyway.