Amazon has emailed thousands of users to tell them their username and email address was leaked on their website. When contacted for comment, Amazon said that neither its website nor any of its systems had been breached and that it has “fixed the issue and informed customers who may have been impacted.” It did not reveal the number of accounts affected or which countries the users are located in.
Despite the exposure, Amazon told the affected customers they did not need to change their passwords. But even with just their names and emails exposed, people could attempt to reset their accounts or target their emails for phishing attacks.
In a customer forum, people who received the cryptic message from Amazon were surprised that the company did not recommend they reset their passwords and that the link to Amazon’s website in the email signature did not contain a secure link, which would contain “https” rather than “http.”
The disclosure from Amazon comes as it gears up for the busy holiday shopping season. The Seattle-based company is expected to grab as much as half of all online sales by the end of this year, according to Bain & Co.
Michael Kozlowski has been writing about audiobooks and e-readers for the past twelve years. His articles have been picked up by major and local news sources and websites such as the CBC, CNET, Engadget, Huffington Post and the New York Times. He Lives in Vancouver, British Columbia, Canada.