If you came across a Kindle e-book download link from any suspicious sources or somewhere other than Amazon itself, check twice before you proceed download. As downloading an eBook could put your personal information at risk.
A security researcher has uncovered a security hole in Amazon’s Kindle Library that could lead to cross-site scripting (XSS) attacks and account compromises when you upload a malicious ebook.
The flaw affects the “Manage Your Content and Devices” and “Manage your Kindle” services in Amazon’s web-based Kindle Library, which could allow a hacker to inject and hide malicious lines of code into into e-book metadata, such as the title text of an eBook, in order to compromise the security of your Amazon account.
Gaining access to your Amazon account credentials is one of the biggest boons for hackers, as they can set-up new credit cards in your account or max out the current ones on file with some big Amazon purchases. Additionally, they could compromise your other online accounts with the help of those credentials and personal information contained in your Amazon account.
According to Mr Mussler, Amazon used his proof of concept attack code during its testing of the Manage your Kindle page and was surprised that an oversight suggests that the exploit is active. But, users who stick to e-books sold and delivered by Amazon are safe.
Thankfully, the exploit only affects users who download pirated eBooks from dubious sources, so don’t worry about adding an eBook to your Amazon shopping cart any time soon.