Amazon is staying eerily quiet about its latest data vulnerability
With Black Friday, the busiest shopping day of the year, in our sights, Amazon has been hit with some sort of data breach or security vulnerability. Maybe. It’s being very tight-lipped about the matter.
Here’s what we know: Just two days before Black Friday, the world’s largest online retailer had a technical issue that allowed the names and email addresses of some of its customers to be viewable on its website. The company called this a “technical error” and reached out to the affected customers via email, but that only seemed to make matters worse.
“Hello,” read the email, sent out to an undisclosed but clearly significant number of customers on Wednesday, “we’re contacting you to let you know that our website inadvertently disclosed your email address due to a technical error. The issue has been fixed. This is not a result of anything you have done, and there is no need for you to change your password or take any other action.”
This email has been criticised more than the actual technical fault. Most outcries have been around its brevity and, so far, it’s creating more questions than answers.
READ NEXT: The biggest data breaches of 2018
Amazon has neglected to comment further on the security issue and, as of now, we don’t know when the breach occurred, how many customers were affected, or whether the technical issue was internal or the result of a hack. Amazon’s recommendation to not change your password, as well as its weird sign-off as “http://Amazon.com” has left some customers wondering if the email really did come from the company.
Despite the lack of communication from Amazon so far, cybersecurity experts have started coming forward and suggesting that those affected should disregard Amazon’s suggestions and change their passwords anyway.
“Cyber-criminals can do a lot of damage with a large database of names and emails,” said Richard Walters, CTO of cybersecurity at CensorNet. “A large majority of people still use predictable passwords, and thanks to previous high-profile breaches many people’s passwords are also readily available on the dark web. For cyber-criminals, it then just becomes an exercise in joining the dots.”
Because of this incident’s close proximity to Black Friday, Amazon will likely try to keep it relatively quiet for now, but we’ll update you if anything new happens.