Amazon has emailed users to tell them that a “technical error” made their names and email addresses visible publicly on its website (via BetaNews).
Amazon declined to comment on how many users have been affected, and the only way to know if your email address has been exposed is by receiving one of the company’s surprisingly brief emails.
In these messages, Amazon says that the error has now been fixed, and it reassures users that it will not be necessary for them to reset their passwords.
However, the information exposed still presents dangers for customers: it puts them at risk of phishing attacks, and it could allow hackers to attempt to reset their accounts.
Amazon's legit been sending out notices saying sorry we exposed your email address. Seems likely related to this https://t.co/21cRB2dHTk… Besides the brevity, what's giving people pause is they sign the email https://t.co/KDiteRFaeR Why cap the "a" and why no https://? Strange pic.twitter.com/mwty3GmCN1
— briankrebs (@briankrebs) November 21, 2018
When contacted for comment, Amazon said that neither its website nor any of its systems had been breached and that it has “fixed the issue and informed customers who may have been impacted.” It did not reveal the number of accounts affected or which countries the users are located in. Twitter users across Europe and the United States have reported receiving the email, and forum posts suggest that the error affected consumer rather than business accounts on the platform.
Characterizing this as a “technical error” means that the incident is unlikely to be related to reports of Amazon firing employees for sharing customer emails with third-party sellers, but the lack of information makes it difficult to establish exactly what happened. We have reached out to the UK’s Information Commissioner’s Office, which Amazon would have needed to inform in the event of a breach, for comment.