Kindle security flaw leaves Amazon account details vulnerable

A security flaw in Amazon's Kindle software could allow hackers to access your Amazon account details.

Benjamin Daniel Musser, a security researcher, discovered the issue, which arises when downloading e-books from websites other than Amazon itself.

The "Manage Your Kindle" page contains a security hole that can be exploited by attackers hiding malicious lines of code within e-books. Once the Kindle Library has been loaded with a corrupted e-book (usually with a subject containing:

Musser, who detailed the problem in a blog post, discovered the issue back in October 2013 before reporting it to Amazon. The web giant did correct the security flaw initially, but it has since resurfaced following a "Manage Your Kindle" update. However, if users only download from trusted websites or Amazon itself, then the issue should be avoidable.

That being said, another Amazon-owned service, Audible, has had a security issue of its own recently. The audiobook service, which was acquired by Amazon in 2008, apparently allowed customers to use fake email addresses and credit card numbers in order to download files.

The service only checks payment details after a book has been downloaded, allowing users to renew their fake membership to receive more credits.

A spokesperson for the firm has moved to downplay the illegal transactions, claiming that purchases made with a fake card were "closed quickly" and that the company takes credit card fraud "very seriously."

Barclay has been writing about technology for a decade, starting out as a freelancer with IT Pro Portal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.