Story image

Amazon customers irate after 'technical error'

22 Nov 2018

A ‘technical error’ was responsible for revealing some Amazon  customers’ names and email addresses – although many people worldwide are speculating that it could have been a data breach.

While Amazon isn’t giving too much away about what happened, reports suggest that the error exposed customer names and email addresses. It quickly informed the customers affected by the error and remedied the situation.

However, customers have been quick to point out that Amazon’s handling of the situation has been less than perfect. 

According to user posts on Amazon’s Seller Central forums, the content of the initial notification didn’t explain enough. The email says:

“Hello,

We’re contacting you to let you know that our website inadvertently disclosed your email address due to a technical error. The issue has been fixed. This is not a result of anything you have done, and there is no need for you to change your password or take any other action.

Sincerely, Customer Service”

As Amazon user ko_marketing puts it, “It’s as if a 10 year old composed the message.”

While it’s possible that Amazon doesn’t have information at hand about how many people were affected by the error or who could have seen the publicly available information, Amazon did not admit that lack of knowledge in its email.

Many have called out Amazon’s request for users not to change their passwords as a poor suggestion, particularly because it does nothing but raise further suspicion. Many users wondered whether the email was genuine or a phishing email.

Amazon also failed to disclose whether it has notified any regulatory bodies or national Computer Emergency Response Teams (CERTs) about the issue. This has also aggravated unhappy customers – and security experts.

We got the word from Ilia Kolochenko, CEO of web security company High-Tech Bridge about what it could mean:

“I wouldn’t hurry with premature conclusions until all technical details of the incident become clear. Based on the information currently available, it is technically incorrect to call this incident a “data breach”. This rather looks like an inadvertent programming error that made some details of Amazon’s profiles publicly available to random people,” says Kolochenko.   “Unfortunately, even such companies as Amazon are not immune from such omissions. Our IT systems become more convoluted and intricate every day, inevitably causing more human errors. Amazon’s reaction seems to be quite prompt, however an official statement would certainly be helpful to prevent any speculation and unnecessary exaggeration of the incident and its scope.”

It’s now up to Amazon to put users’ suspicions to rest and undertake some serious damage control.

Mozilla launches Firefox Send, an encrypted file transfer service
Mozille Firefox has launched a free encrypted file transfer service that allows people to securely share files from any web browser – not just Firefox.
Ransomware’s decline equals cryptomining’s rise
ESET’s Security Days Conference recently took place to go over the current threat environment and what to look out for next.
IoT and DDoS attacks: A match made in heaven
A10 Network’s Adrian Taylor uses findings from a number of reports to illustrate his point that advances in technology are facilitating cybercrime.
ForgeRock launches Sandbox-as-a-Service to facilitate compliance
The cloud-based testing environment for APIs enables banks to accelerate compliance with Open Banking and PSD2 deadlines.
Cloud application attacks in Q1 up by 65% - Proofpoint
Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts.
Singapore firm to launch borderless open data sharing platform
Singapore-based Ocean Protocol, a decentralised data exchange that promotes data sharing, has revealed details of what could be the kickstart to a global and borderless data economy.
Huawei picks up accolades for software-defined camera ecosystem
"The company's software defined capabilities enable it to future-proof its camera ecosystem and greatly lower the total cost of ownership (TCO), as its single camera system is applicable to a variety of application use cases."
Barracuda expands MSP security offerings with RMM acquisition
Managed Workplace delivers an RMM platform with security tools and services, such as site security assessments, Office 365 account management, and integrated third-party antivirus.