Beware This Amazon Security Flaw: Site Accepts Wrong Passwords

01/29/2011 12:25 pm ET | Updated May 25, 2011

You may want to change your Amazon password.

A security flaw in the site allows users to log in with passwords that resemble, but do not match, their actual password.

The flaw, first discovered by a Reddit user, lets customers log in with passwords that have extra characters attached after the eighth character. For example, if your password is 12345678, then 12345678ack or 12345678wow would also work.

The issue only affects older accounts, where the password has not changed over the past few years, according to Wired, suggesting that Amazon corrected the flaw for newer passwords, but not older ones.

For older accounts, simply changing your password will correct the flaw. Amazon has not yet released a response to the news. Wired advises, "The fix is straightforward for those with older passwords: Simply log on to, and change your password. You can even then change your new password back to your old password, and you'll magically be safer than you were before."
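The behaviour described above can be written as a regression check for any login system. The Python sketch below is an added example, not Amazon's code and not taken from Wired or the Reddit report. It assumes, purely as a model, that older records were derived from only the first eight characters of the password and that a password change re-creates the record from the full password; the function names and the sample account are hypothetical.

```python
import hashlib
import hmac
import os

LEGACY_LIMIT = 8  # the article reports that characters after the eighth are ignored


def _derive(secret: str, salt: bytes) -> bytes:
    # Salted, iterated hash; the real site's algorithm is not stated on the page.
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, 100_000)


def make_record(password: str, scheme: str) -> dict:
    """Create a stored credential. 'legacy' models the assumed old behaviour."""
    salt = os.urandom(16)
    material = password[:LEGACY_LIMIT] if scheme == "legacy" else password
    return {"scheme": scheme, "salt": salt, "hash": _derive(material, salt)}


def verify(record: dict, attempt: str) -> bool:
    """Check a login attempt against the record, using the record's own scheme."""
    material = attempt[:LEGACY_LIMIT] if record["scheme"] == "legacy" else attempt
    return hmac.compare_digest(record["hash"], _derive(material, record["salt"]))


def accepts_suffixed(record: dict, password: str, suffixes=("ack", "wow")) -> bool:
    """Regression check: True if any password+suffix variant still logs in."""
    return any(verify(record, password + s) for s in suffixes)


def change_password(record: dict, old: str, new: str) -> dict:
    """A password change re-creates the record under the full-length scheme."""
    if not verify(record, old):
        raise ValueError("current password rejected")
    return make_record(new, "full")


if __name__ == "__main__":
    old_account = make_record("12345678", "legacy")  # constructed sample account
    print("legacy record accepts suffixed password:",
          accepts_suffixed(old_account, "12345678"))
    # Change to an interim password, then back to the original one.
    interim = change_password(old_account, "12345678", "interim-password")
    fixed = change_password(interim, "interim-password", "12345678")
    print("after change and change back:",
          accepts_suffixed(fixed, "12345678"))
```

Under this model the same password string stops accepting suffixed variants once the record has been re-created, which is consistent with the advice that changing the password and changing it back is enough.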

While you're changing your password, be sure to take a look at the worst passwords, and see what terms to avoid.
