Amazon US Data Leak / Technical Error

Anyone else received one of these today? Have only used Amazon US a handful of times myself but it doesn’t inspire a lot of confidence with the lack of transparency they have for what was disclosed (and caused the fault)…not the best advertisement just before Black Friday sales :open_mouth:

1 Like

I’ve shopped on there a few times but thankfully didn’t get any such email.

That’s a PR nightmare days before the Black Friday shenanigans start over there.

1 Like

I got an email from them overnight. Would have liked a little more info than “ooops, our bad. No need to change your password, though.”

2 Likes

1 Like

Yikes!!! Only goes to show how our love for technology can go against us. I didn’t get one of those emails.

1 Like

No specific knowledge but remember that this is a classic phishing method.

Never got that email. Maybe mine wasn’t one that was leaked.

For once maybe being in the UK is a blessing lol

I got this email last night. We need to hold Amazon accountable, as “sorry, we screwed up” isn’t enough.

3 Likes

Be very very careful.

I see the email contains a link, which is a classic way to phish. Someone can easily make something looking similar, ask you to log in, and then they know your password and can buy things like gift cards or deliver items to an Amazon locker.

I thought the same when the email was delivered, but the link and source code of the email do check out… Amazon certainly aren’t doing themselves many favours by being so cagey on what has happened (or the extent of what has happened).

I meant that Amazon’s email is itself not the direct risk, but a high-profile breach like this, which impacted a subset of customers, can easily then be used as a cover to then send phishing emails with links which steal your passwords.

E.g.

  • step 1 find a vulnerability where you only get email addresses, no passwords, big enough deliberately to get noticed. Add your own email address as one of them
  • step 2 wait for Amazon to notice and send out email, including to oneself
  • step 3 is to modify that official email and send it to all email addresses you have, as most people have Amazon accounts anyway
  • step 4 is to wait for the % of idiots who click on email links and then get their Amazon passwords.
  • step 5 steal.

What Amazon is doing is cooperating with this example method. By doing step 2 including a valid link, Amazon are then opening themselves up to step 4 being greater, as in “oh, I’ve seen this reported before and therefore it is safe”.

This takes 3 idiots: 1) Amazon let some emails get out, 2) Amazon then react, which is then the bait, and then 3) the person who clicks on links in email.

So ask yourself what you could do better. Well, obviously sending out an official email with no links whatsoever then makes the phishing email look different, so the slightly less dumb users who compare can see that.

@ndalby, @TechnicallyWell this user is posting spam.

1 Like

A post was merged into an existing topic: Spam Links / Accounts - ongoing