Amazon has patched a flaw in the Amazon Photos app which could have allowed an attacker to steal and use a user’s unique access token that verifies their identity across multiple Amazon APIs.
That would give attackers access to a trove of information, since many of these APIs contain personal data, such as names, email addresses, and home addresses.
Amazon Photos, previously known as Prime Photos, is a service related to Amazon Drive, the company’s cloud storage application. To date, it has been downloaded more than 50 million times from the Play Store. The Photos app is geared towards the storing, organizing, and sharing photos and videos. read more here