Huffpost Technology

Beware This Amazon Security Flaw: Site Accepts Wrong Passwords

Posted: Updated:

You may want to change your Amazon password.

A security flaw in the site allows users to log in with passwords that resemble, but do not match, their actual password.

The flaw, first discovered by a Reddit user, lets customers log-in with passwords that have extra characters attached after the eighth character. For example, if your password is 12345678, 12345678ack, or 12345678wow would all work.

The issue only affects older accounts, where the password has not changed over the past few years, according to Wired, suggesting that Amazon corrected the flaw for newer passwords, but not older ones.

For older accounts, simply changing your password will correct the flaw. Amazon has not yet released a response to the news. Wired advises, "The fix is straightforward for those with older passwords: Simply log on to, and change your password. You can even then change your new password back to your old password, and you'll magically be safer than you were before."

While you're changing your password, be sure to take a look at the worst passwords, and see what terms to avoid.

Around the Web

Amazon Security Flaw May Make Your Old Password Easy to Crack Security Flaw Accepts Passwords That Are Close, But Not Exact

Say Goodbye to All Those Passwords

Older Amazon passwords have an interesting flaw | Crave | CNET UK

From Our Partners