The problem is with the way Amazon stores the password. The system first converts all of the letters to upper case, which makes “MyPaSsWd123” the same as “mypasswd123” or “MYPAsswd123.” Next, it strips off everything after the eighth character. What this means is that “MyPaSsWd123” is simply stored as “MYPASSWD” in Amazon’s systems. Knowing this information makes attacking the password a much easier task.
The issue is most likely due to the fact that Amazon was using an older crypt() function that takes only the first eight characters. This was common on UNIX servers where the username and password hash were stored in the /etc/passwd file. Newer implementations move the hash to a more secure location and allow longer passwords.
Time to change your password.
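The behaviour described above can be checked for in your own authentication code. The following is an added example, not Amazon's code and not part of the original article: it models the described storage (upper-casing, then keeping eight characters) with a stand-in SHA-256 hash in place of crypt(), sets it beside a salted PBKDF2 verifier, and probes each one to report case folding and how many characters actually matter. All function names, the probe password and the filler character are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

def _digest(text):
    # Stand-in for the old crypt() hash (assumption); only the normalisation matters here.
    return hashlib.sha256(text.encode()).digest()

def make_legacy_verifier(password):
    """Model of the storage the article describes: upper-case, then keep 8 characters."""
    stored = _digest(password.upper()[:8])
    return lambda attempt: hmac.compare_digest(stored, _digest(attempt.upper()[:8]))

def make_sound_verifier(password):
    """Salted PBKDF2 over the full, case-preserved password, for comparison."""
    salt = os.urandom(16)
    def kdf(text):
        return hashlib.pbkdf2_hmac("sha256", text.encode(), salt, 100_000)
    stored = kdf(password)
    return lambda attempt: hmac.compare_digest(stored, kdf(attempt))

def audit_verifier(make_verifier, probe="Zq7!mK2#vR9$tL4x", filler="~"):
    """Enrol a constructed probe password, then see which altered variants still log in."""
    verify = make_verifier(probe)
    if not verify(probe):
        raise ValueError("verifier rejects the password it was enrolled with")
    findings = {"case_insensitive": verify(probe.swapcase()),
                "significant_chars": len(probe)}
    # Keep the first n characters and overwrite the rest with a filler that is not
    # in the probe. The smallest n still accepted is the number of characters
    # that actually reach the hash.
    for n in range(1, len(probe)):
        if verify(probe[:n] + filler * (len(probe) - n)):
            findings["significant_chars"] = n
            break
    return findings

if __name__ == "__main__":
    for name, factory in (("legacy", make_legacy_verifier), ("sound", make_sound_verifier)):
        print(name, audit_verifier(factory))
    # The article's own example: enrolled as "MyPaSsWd123", accepted as "mypasswd".
    print(make_legacy_verifier("MyPaSsWd123")("mypasswd"))
```

A `significant_chars` value equal to the probe length means no truncation was observed within that length, not that none exists beyond it.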