Amazon kicked off some of America’s most intense shopping days on Wednesday by telling an undisclosed number of customers that their names and addresses were visible on the company’s website.
Amazon didn’t make an announcement of the problem. Instead, it emailed users it believes are affected that a “technical error” made their names and email addresses visible, The Verge reported.
Amazon did not reveal how many customers were affected, CNBC reported. Amazon did not explain how the information was made visible.
— Graham Cluley (@gcluley) November 21, 2018
As of Wednesday morning, the only way a customer could know if they were affected was if Amazon contacted them by email.
Amazon said that neither its website nor any of its systems had been breached and that it has “fixed the issue and informed customers who may have been impacted.”
Amazon told media seeking further details that it would not provide any additional details beyond its statement.
The messages tell users the error has now been fixed and they do not need to change passwords.
That was small comfort to many who posted about the incident on Twitter.
#AmazonDataBreach #AmazonEmail @amazon @AmazonHelp @AmazonUK Not exactly reassuring and would be interesting to see the extent of the breach and how it relates to GDPR. Think customers need an explanation & if their financial details have been compromised – you have duty of care pic.twitter.com/fk5kSs458D
— Katya von der Goltz King (@KatyavdGK) November 21, 2018
Woke up to this email from Amazon. Cool…thanks for the technical error. “There is no need for you to change your password or take any other action.” Well @AmazonHelp I’m changing my password anyway. #Amazon #AmazonEmail #TechnicalError pic.twitter.com/OAheQ4MPLD
— A.C. Junior (@OfficialMisterC) November 21, 2018
— Patty (@notenoughnamez) November 21, 2018
In its reporting, The Verge offered a caution.
“However, the information exposed still presents dangers for customers: It puts them at risk of phishing attacks, and it could allow hackers to attempt to reset their accounts,” it wrote.
The site TechCrunch found Amazon’s response lacking.
“Amazon’s reticence here puts those impacted at greater risk. Users don’t know which of Amazon’s sites was impacted, who their email address could have been exposed to, or any ballpark figure of the number of victims. It’s also unclear whether it has or plans to contact any government regulatory bodies,” it wrote.
Truth and Accuracy
We are committed to truth and accuracy in all of our journalism. Read our editorial standards.