A post on Reddit a few days ago pointed out the security flaw on Amazon.com account. Since then the story was picked up by numbers of sites such as Wired.
Based on the posting on Reddit, changing the Amazon.com account password should fix the issue.
update5: changing the password clears this problem.
I have personally verified the fix/workaround. You should change your Amazon.com password now.
It is a pretty easy fix the customers can do but it would be much better if Amazon fix this on their server. I do not know how many customers Amazon has but I assume in high millions.
90025