Amazon has dispensed emails to thousands of customers in Canada, the United Kingdom and the USA forcing them to change their passwords. This was done via your registered email address associated with your Amazon account, but also in your Amazon Account Message Center.
The content of the email heavily depended on what country you live in. US customers were told that Amazon “recently discovered that your password may have been improperly stored on your device or transmitted to Amazon in a way that could potentially expose it to a third party.” It adds: “We have corrected the issue to prevent this exposure.”
Canadian customers were told something completely different, maybe shedding light on the entire situation “At Amazon we take your security and privacy very seriously. As part of our routine monitoring, we discovered a list of email address and password sets posted online. While the list was not Amazon-related, we know that many customers reuse their passwords on several websites.”
Last month Amazon introduced Two-Step Authentication which adds an extra layer of security for US customers. However it has not been enabled on Canadian or UK accounts.