23 January 2019
Amazon has informed some customers on Wednesday that their names and email addresses had been "inadvertently disclosed" as a result of a "technical error," however they have declined to provide more details about the security incident.
The e-commerce giant has confirmed that it sent the messages, adding that it had "fixed the issue." Amazon hasn’t revealed how many of its users have been affected by the breach or how their emails have been exposed. The e-commerce giant has only stated that its website and other systems have not been breached.
Amazon's limited disclosure comes days before the Black Friday and Cyber Monday holiday shopping sales. The company estimates e-commerce sales of more than $123 billion (roughly Rs. 8.75 lakh crores), according to eMarketer. The company’s handling of the security lapse has drawn sharp criticism on social media. Some users have taken care of the company's forums to complain about Amazon's tight-lipped handling of the matter. "Who knows what they're not disclosing about this," wrote one user. "Hopefully nothing. . . ."
Amazon has stated its users that there's "no need for you to change your password or take any other action." However, users fear that hackers still might try to use their names and email addresses for nefarious purposes, like phishing scams.
In a statement, Amazon said, "We have fixed the issue and informed customers who may have been impacted."
Woke up to this email from Amazon. Cool...thanks for the technical error. "There is no need for you to change your password or take any other action." Well @AmazonHelp I'm changing my password anyway. #Amazon #AmazonEmail #TechnicalError pic.twitter.com/OAheQ4MPLD— A.C. Junior (@OfficialMisterC) November 21, 2018
This is not the first time when Amazon has run into problems. In Oct, the company had reportedly fired an employee who inappropriately shared customers' emails with a third-party seller. The company had stated that it has been working with law enforcement to investigate, and had messaged its customers indicating their email addresses had been exposed. Over the past year, tech giant Google and Facebook have seen more mishaps which have led to a leak in customers data. SEC had penalized Yahoo $35 million for the biggest data breaches in 2014.