Amazon Slipup

[H2O]

As pointed out in our spam discussion forum (here) Amazon has a programming slip-up that allows any email address to be viewable, by any anonymous user, just by entering www.amazon.com/seller/nickname where "nickname" is a registered amazon users nick.

 

Try yours, for example. Or "Jeffbezos". To see the email, click on "view new seller profile page" and look carefully in the grey area at the bottom. This leak seems totally unrelated to any privacy settings you may have on your Amazon account.

 

Spammers with screen-scraping tools will take advantage of this within a heartbeat. Unhappy with a book review? feel free to flame the reviewer directly. It is disappointing that Amazon has not heeded complaints by more than one customer over this breach. Too busy handling the Xmas rush, perhaps?

 

News can be found here: http://www.dslreports.com/shownews/36680

 

The above snippet is from broadbandreports.com and as of time of posting this message I tried the URL on several different nicknames and sure enough I was able to access that person's data [e.g email address]

 

Quite scary!!

[ClayMeow]

eh, Amazon is overpriced anyways

[Special_K]

yea honestly i hate that place! <_< i figure if you need to buy a book go to barnes and noble. if they dont have it there, ebay lol.

Edited December 24, 2003 by Special_K

[H2O]

Actually I purchased some of my network hardware at Amazon for cheaper than at Newegg and that was including shipping!

 

Never know where the good deals might come from!

[Paranoid]

With all of the problems I've heard Amazon has had in the past, I' rather stick with NewEgg or independent retailers.

[Xtreme21]

Yah im not surprised, but that dies kinda suck...