Amazon ‘Error’ Exposes Countless Customer Emails

Written by

Amazon is remaining tight-lipped after sending an email to an unknown number of customers revealing that a ‘technical error’ disclosed their email address.

There has been no further information from the online giant about the incident except to confirm that it had been fixed and that all affected customers had been informed.

The email itself, tweeted many times by concerned customers, claimed: “Our website inadvertently disclosed your email address due to a technical error.”

It went on to say: “This is not a result of anything you have done, and there is no need for you to change your password or take any other action.”

However, the information vacuum has led to speculation over the email.

One user, @PogoWasRight, branded the outreach “unsatisfactory.”

“For how long was my email address exposed? To whom was it exposed? The whole world? How did it wind up exposed? Could anyone seeing it also see orders linked to that email address?” they asked on Twitter.

Several other users complained that it appeared like a phishing email because of inconsistencies. For example, it’s not personalized and is signed off with “http://Amazon.com” — which is an insecure site, with an unusually capped “A.”

Researcher Brian Krebs has suggested the incident may be related to reports in early October of an Amazon employee being fired after sharing customer email addresses with an outside seller on its platform.

As the issue relates to Amazon.com, it’s unlikely to affect European citizens, but if that’s a possibility the firm would have had to come clean to the authorities of any serious breach within 72-hours of discovery.

The incident couldn't have come at a worse time for the e-commerce giant, just as Americans head into the Thanksgiving holidays when the online retailer will hope to make a fortune on the back of Black Friday and Cyber Monday.

What’s hot on Infosecurity Magazine?