Story image

Amazon customers irate after 'technical error'

22 Nov 18

A ‘technical error’ was responsible for revealing some Amazon  customers’ names and email addresses – although many people worldwide are speculating that it could have been a data breach.

While Amazon isn’t giving too much away about what happened, reports suggest that the error exposed customer names and email addresses. It quickly informed the customers affected by the error and remedied the situation.

However, customers have been quick to point out that Amazon’s handling of the situation has been less than perfect. 

According to user posts on Amazon’s Seller Central forums, the content of the initial notification didn’t explain enough. The email says:

“Hello,

We’re contacting you to let you know that our website inadvertently disclosed your email address due to a technical error. The issue has been fixed. This is not a result of anything you have done, and there is no need for you to change your password or take any other action.

Sincerely,
Customer Service”

As Amazon user ko_marketing puts it, “It’s as if a 10 year old composed the message.”

While it’s possible that Amazon doesn’t have information at hand about how many people were affected by the error or who could have seen the publicly available information, Amazon did not admit that lack of knowledge in its email.

Many have called out Amazon’s request for users not to change their passwords as a poor suggestion, particularly because it does nothing but raise further suspicion. Many users wondered whether the email was genuine or a phishing email.

Amazon also failed to disclose whether it has notified any regulatory bodies or national Computer Emergency Response Teams (CERTs) about the issue. This has also aggravated unhappy customers – and security experts.

We got the word from Ilia Kolochenko, CEO of web security company High-Tech Bridge about what it could mean:

“I wouldn’t hurry with premature conclusions until all technical details of the incident become clear. Based on the information currently available, it is technically incorrect to call this incident a “data breach”. This rather looks like an inadvertent programming error that made some details of Amazon’s profiles publicly available to random people,” says Kolochenko.
 
“Unfortunately, even such companies as Amazon are not immune from such omissions. Our IT systems become more convoluted and intricate every day, inevitably causing more human errors. Amazon’s reaction seems to be quite prompt, however an official statement would certainly be helpful to prevent any speculation and unnecessary exaggeration of the incident and its scope.”

It’s now up to Amazon to put users’ suspicions to rest and undertake some serious damage control.

Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Huawei founder publically denies spying allegations
“After all the evidence is made public, we will rely on the justice system.”
Malware downloader on the rise in Check Point’s latest Threat Index
Organisations continue to be targeted by cryptominers, despite an overall drop in value across all cryptocurrencies in 2018.
IoT breaches: Nearly half of businesses still can’t detect them
The Internet of Thing’s (IoT’s) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.