Amazon customers received an interesting email from Amazon informing them of a “technical error” that inadvertently exposed customers’ names and email addresses.
Many users who were sent the email assumed that the email itself was fake due Amazon using a http and not https link. However, customer support confirmed the email was legitimate.
The email is brief, does not contain an apology or admit responsibility, only that the error has been resolved and advises users that it isn’t necessary to change passwords — which is usually the first thing people should do after any kind of data breach.
Amazon's legit been sending out notices saying sorry we exposed your email address. Seems likely related to this https://t.co/21cRB2dHTk… Besides the brevity, what's giving people pause is they sign the email https://t.co/KDiteRFaeR Why cap the "a" and why no https://? Strange pic.twitter.com/mwty3GmCN1
— briankrebs (@briankrebs) November 21, 2018
However, the exposed information puts users at the risk of phishing attacks and could allow hackers to attempt to reset their accounts.
Amazon has made no comment on how many users were affected by the “technical error”, but we can see from Twitter that the email was sent to users in the United States, Europe, and here in Australia.
The only way to know if your email address has been exposed is by receiving the short email from Amazon’s customer service team.
The email does not say whether the information was accessed by a third party, it doesn’t state when the error happened, or how long the information was exposed.
Some are linking the “technical error” to related reports of Amazon firing employees for sharing customer emails with third-party sellers, but nothing can be confirmed with the scant information Amazon has released.
Amazon has not yet made any official announcement besides the emails which has not been received well by their users.