Well, I could write down card numbers, but that would not prove anything would it. I had cards used exclusively on amazon.com for 3-4 years. Suddenly, one day, I got a report from my bank that my card number is among some numbers stolen in USA and they cancelled it. As I only used it with Amazon, I can only conclude that it must have leaked from there. Luckily, I did not lose any money, as the card was blocked by the bank immediately.

E-mail addresses are even better. At first I used an email I rarely used for anything else for some 4-5 years. The day I completed my first purchase on Amazon using this e-mail to open an account, was the day I got first spam message on it. And it kept flooding with more and more messages each day. Once it reached about 200+ spams a day, I decided to ditch the address and created a new one for myself and a specific new one on my domain for Amazon exclusively. It was amazn123894@[mydomain]. Anyway, when I got the first order using that e-mail, the same story happened. Now, I don't think hackers have a got a hold on the Amazon servers, it's more probable that you have employees selling the data. Especially since I never heard anything like this happening to some of my friends in western countries. I guess it's easy to decide that nobody would care or notice if a guy from eastern Europe gets screwed.

I'd really like to see Amazon's internal rules of data access clearance.