
Amazon customers irate after 'technical error'

22 Nov 18

A ‘technical error’ was responsible for revealing some Amazon customers’ names and email addresses – although many people worldwide are speculating that it could have been a data breach.

While Amazon isn’t giving too much away about what happened, reports suggest that the error exposed customer names and email addresses. Amazon quickly informed the customers affected by the error and remedied the situation.

However, customers have been quick to point out that Amazon’s handling of the situation has been less than perfect. 

According to user posts on Amazon’s Seller Central forums, the content of the initial notification didn’t explain enough. The email says:

“Hello,

We’re contacting you to let you know that our website inadvertently disclosed your email address due to a technical error. The issue has been fixed. This is not a result of anything you have done, and there is no need for you to change your password or take any other action.

Sincerely,
Customer Service”

As Amazon user ko_marketing puts it, “It’s as if a 10 year old composed the message.”

While it’s possible that Amazon doesn’t have information at hand about how many people were affected by the error or who could have seen the publicly available information, Amazon did not admit that lack of knowledge in its email.

Many have called out Amazon’s request for users not to change their passwords as a poor suggestion, particularly because it does nothing but raise further suspicion. Many users wondered whether the email was genuine or a phishing email.

Amazon also failed to disclose whether it has notified any regulatory bodies or national Computer Emergency Response Teams (CERTs) about the issue. This has also aggravated unhappy customers – and security experts.

We got the word from Ilia Kolochenko, CEO of web security company High-Tech Bridge, about what it could mean:

“I wouldn’t hurry with premature conclusions until all technical details of the incident become clear. Based on the information currently available, it is technically incorrect to call this incident a “data breach”. This rather looks like an inadvertent programming error that made some details of Amazon’s profiles publicly available to random people,” says Kolochenko.
 
“Unfortunately, even such companies as Amazon are not immune from such omissions. Our IT systems become more convoluted and intricate every day, inevitably causing more human errors. Amazon’s reaction seems to be quite prompt, however an official statement would certainly be helpful to prevent any speculation and unnecessary exaggeration of the incident and its scope.”

It’s now up to Amazon to put users’ suspicions to rest and undertake some serious damage control.
