Amazon informed some customers about a security incident Wednesday that resulted in the exposure of their names and email addresses, a company spokesman confirmed to CyberScoop.
Amazon “fixed the issue” and has emailed customers who may have been affected, though the company declined to say how many users’ information may have been involved. The incident was not a breach of Amazon.com, the company said.
The news came just days before users from throughout the world will log onto the e-commerce site for Black Friday and Cyber Monday purchases.
“It would seem Amazon has some … security issues to resolve,” one user on Amazon’s seller forum complained Wednesday. “With such a vague email from Amazon who knows how our information was leaked and to whom.”
Amazon previously fired an employee who allegedly shared customer email addresses with a third-party seller, Gizmodo reported in October. But that issue does not appear to have been limited to a single employee. Before dismissing that employee Amazon also investigated whether its workers were leaking data in exchange for bribes, according to the Wall Street Journal.
Social media users also noticed that the email alerting customers to the latest incident Wednesday appeared to bring its own security risks.
Amazon's legit been sending out notices saying sorry we exposed your email address. Seems likely related to this https://t.co/21cRB2dHTk… Besides the brevity, what's giving people pause is they sign the email https://t.co/KDiteRFaeR Why cap the "a" and why no https://? Strange pic.twitter.com/mwty3GmCN1
— briankrebs (@briankrebs) November 21, 2018
Got an email from @Amazon concerning a "technical error" that exposed my email address. No need to change pwd or do anything, they say. All in all, very unsatisfactory disclosure. Exposed it to whom? For how long? How did this technical error occur?
— Dissent Doe, PhD (@PogoWasRight) November 21, 2018
Since @Amazon sent this from a no-reply address, I assume they want me to call them out in public.
To whom did you “inadvertently” disclose my email? I’m only mad if it was Keanu Reeves. If he’s got my email and he’s not blowing me up, I’ll be devastated. pic.twitter.com/36z0341ZrQ
— Sam Hooker (@SamHooker) November 21, 2018