Pre-Black Friday, Amazon 'Technical Error' Exposes Customer Names, Emails
Amazon spent the day before Thanksgiving notifying certain users that their names and emails had been exposed due to a "technical error."
Users took to Twitter on Wednesday to share the contents of the email, which said the mega-popular e-commerce site inadvertently disclosed their email addresses. The emails also stated that the issue had been fixed, and no further action was required by users -- including changing their passwords.
"This is not a result of anything you have done, and there is no need for you to change your password or take any other action," said Amazon's customer service division.
[Related: Amazon Will Extricate Itself From Oracle Tech By 2020: Report]
While several users who received the emails complained that the message lack any details of the data breach, the notes indicate that Amazon is feeling confident that only usernames and email addresses where compromised, not user account information or passwords, said Ethan Simmons, managing partner of Boston-based Pinnacle Technology Partners, an Amazon Web Services (AWS) partner.
Regardless of the information being provided by Amazon, it wouldn't hurt anyone who received an email on Wednesday to update their passwords, Simmons said.
"It's prudent for anyone to make sure they have a good password policy. As a Prime member, I'd probably change my password," he said.
Amazon, for its part, said that its website and systems were not breached. Amazon did not return CRN's request for comment before publication time.
On Twitter, several users said they would be changing their passwords regardless, noting concerns that bad actors could target the exposed emails for phishing attacks, or attempt to reset a user's account. Users also voiced concerns that that the link to Amazon's website in the email signature did not contain a secure link, which would contain "https" instead of "http."
Pinnacle Technology Partners, which offers cloud migration and data security services to its end customers, believes that no company is above getting hacked.
"Our take with customers is you are going to hacked. Your best protection is to have a have plan in place, and the right process and procedures to ensure that when an event takes place, you can remediate quickly," Simmons said.