Yesterday, some Amazon customers received an email stating that their names and email addresses have been revealed due to a ‘technical error’. There have been several reports of this on the internet.
Amazon said that the users need not change their passwords. Only the emails and names of the Amazon customers have been exposed. As per the information shared by Amazon, passwords and payment information like credit cards seem to be unaffected. The worst that could happen is that your email will get a bunch of spam emails.
The company did not reveal further information about the compromise. The number of affected users/email addresses and where this information is available is not known. Amazon told CNBC that the Amazon website and systems were not breached.
In a statement, Amazon said; “We have fixed the issue and informed customers who may have been impacted.”
The exact contents of the emails read:
“Hello,
We’re contacting you to let you know that our website inadvertently disclosed your name and email address due to a technical error. The issue has been fixed. This is not a result of anything you have done, and there is no need for you to change your password or take any other action.
Sincerely,
Customer Service
http://Amazon.com”
A matter of surprise was that Amazon did not recommend changing the passwords of affected accounts. Also, the email signature had a capital A in the Amazon URL and had “http://” instead of “https://”.
Amazon customers are also concerned if the email originally was from Amazon due to the discrepancies in the email signature. Here are tweets displaying a chat with Amazon customer care. The responses from the Amazon customer care are also vague and they insist that the exposed information is not available publically.
A comment on Hacker News reads: “If you were one of my customers I looked at your house, judged your grass, found you on LinkedIn and Facebook, Instagram, mortgages, mugshots, everything lol. The sellers also get your full name and address even on fulfilled by Amazon.”
This comment might be an exaggeration or an over-enthusiastic seller. Other sellers do confirm that the names and addresses are seen but not the emails. The Amazon terms of service also prohibits the sellers from contacting the customers directly for any other purpose than the order.
Another seller said that they get this to confirm the shipping address.
This is where EU seems better off with a GDPR article that says companies need to inform users of data breaches. But even that gives an option which says “describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects, approximate number of personal data records concerned,”
So doesn’t look like Amazon intends to disclose any further information about this incident and assures that there is no need to worry.
This story appeared first on betanews after several Amazon customers reported it online.
Cathay Pacific, major Hong Kong based airlines, suffer data breach affecting 9.4 million passengers
I remember deciding to pursue my first IT certification, the CompTIA A+. I had signed…
Key takeaways The transformer architecture has proved to be revolutionary in outperforming the classical RNN…
Once we learn how to deploy an Ubuntu server, how to manage users, and how…
Key-takeaways: Clean code isn’t just a nice thing to have or a luxury in software projects; it's a necessity. If we…
While developing a web application, or setting dynamic pages and meta tags we need to deal with…
Software architecture is one of the most discussed topics in the software industry today, and…