Apr 08 2011
An example payment method still on my 'old' Amazon account

Over the course of the last few days I’ve discovered what appears to be – or possibly to have been – a fairly notable potential security hole in the Amazon UK website (and possibly others, but I only use the UK site on a regular basis). I will go into detail below about the nature of the security hole and how I discovered it – but first I want to point out that I’ve been trying to cause the problem to manifest itself again today, and failing. This might mean that the problem – which appears to have been triggered on my own Amazon account in August 2010 – has already been fixed. It might also mean, however, that I simply haven’t been able to establish all the variables that caused it to happen.

In other words, the problem I am about to describe might already be fixed, or it might not. I have no way of knowing one way or the other.

I was planning to wait before publishing this, but I’ve decided to proceed because I am somewhat less than happy with Amazon’s response to my emails on the subject – details at the very end of this post.