Email and names of Amazon customers exposed due to ‘technical error’; number of affected users unknown

Yesterday, some Amazon customers received an email stating that their names and email addresses have been revealed due to a ‘technical error’. There have been several reports of this on the internet.

What is exposed?

Amazon said that the users need not change their passwords. Only the emails and names of the Amazon customers have been exposed. As per the information shared by Amazon, passwords and payment information like credit cards seem to be unaffected. The worst that could happen is that your email will get a bunch of spam emails.

The company did not reveal further information about the compromise. The number of affected users/email addresses and where this information is available is not known. Amazon told CNBC that the Amazon website and systems were not breached.

In a statement, Amazon said; “We have fixed the issue and informed customers who may have been impacted.”

The exact contents of the emails read:

Hello,

We’re contacting you to let you know that our website inadvertently disclosed your name and email address due to a technical error. The issue has been fixed. This is not a result of anything you have done, and there is no need for you to change your password or take any other action.

Sincerely,

Customer Service

http://Amazon.com

What are people saying

A matter of surprise was that Amazon did not recommend changing the passwords of affected accounts. Also, the email signature had a capital A in the Amazon URL and had “http://” instead of “https://”.

Amazon customers are also concerned if the email originally was from Amazon due to the discrepancies in the email signature. Here are tweets displaying a chat with Amazon customer care. The responses from the Amazon customer care are also vague and they insist that the exposed information is not available publically.

Amazon sellers get customer information

A comment on Hacker News reads: “If you were one of my customers I looked at your house, judged your grass, found you on LinkedIn and Facebook, Instagram, mortgages, mugshots, everything lol. The sellers also get your full name and address even on fulfilled by Amazon.

This comment might be an exaggeration or an over-enthusiastic seller. Other sellers do confirm that the names and addresses are seen but not the emails. The Amazon terms of service also prohibits the sellers from contacting the customers directly for any other purpose than the order.

Another seller said that they get this to confirm the shipping address.

This is where EU seems better off with a GDPR article that says companies need to inform users of data breaches. But even that gives an option which says “describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects, approximate number of personal data records concerned,

So doesn’t look like Amazon intends to disclose any further information about this incident and assures that there is no need to worry.

This story appeared first on betanews after several Amazon customers reported it online.

Read next

Amazon splits HQ2 between New York and Washington, D.C. after a making 200+ states compete over a year; public sentiments largely negative

A new data breach on Facebook due to malicious browser extensions allowed almost 81,000 users’ private data up for sale, reports BBC News

Cathay Pacific, a major Hong Kong based airlines, suffer data breach affecting 9.4 million passengers



*** This is a Security Bloggers Network syndicated blog from Security News – Packt Hub authored by Prasad Ramesh. Read the original post at: https://hub.packtpub.com/email-and-names-of-amazon-customers-exposed-due-to-technical-error-number-of-affected-users-unknown/