The credit card details of 98,000 customers may have been compromised in a web hack branded as "horrifying" by a leading security analyst.
Bibliofind, a subsidiary of e-tailer Amazon, has been partially shut down after it was discovered that unknown individuals had been accessing customer information on its server between October 2000 and February 2001.
The breach came to light after the website was defaced last week. Bibliofind is still running the site but is not handling financial transactions and has removed customer details.
"The big question is why did it take so long for Bibliofind to discover it?" asked Richard Stagg, senior security architect at Information Risk Management.
He explained that the decision to remove customer details from the site after the breach was discovered amounted to "shutting the stable door after the horse had bolted", adding that the scale of the breach would shatter confidence in e-tailing.
Bibliofind spokesman Jim Courtovich said that the hack had been reported to the FBI, and that all 98,000 customers would be informed by email.
He added that there was no evidence that any credit card details had been misused, and that customers were being warned as a precautionary measure.
Amazon said that it runs its operation on a totally different system and was not affected.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago