Amazon warns customers it leaked their names and email addresses

[allheart55 Cindy E]

 

 

Was the email really from Amazon?

 

Most of the people who forwarded it to me thought the message was suspicious. Why wouldn’t Amazon refer to them by name rather than just saying “Hello”? Why was there a link to the http (rather than https) version of Amazon’s website? How could they possibly issue an advisory like this about a security breach without offering more information about what had happened and over what time period, and where folks could find out more? Why was there no link to some kind of confirmation on Amazon’s own website?

 

It all seemed very odd. I publicly wondered whether perhaps scammers had made a mistake by forgetting to include a link to a phishing site.

 

Well, as The Register found out, despite appearances the email did *really* come from Amazon.

 

All Amazon’s PR team is prepared to say, however, is an utterly detail-free repetition of the content of the email:

 

“We have fixed the issue and informed customers who may have been impacted.”

 

So we don’t know what happened, we can’t assess how serious it is, we can’t tell you how many customers are affected, or why Amazon sent out such a suspicious-looking email in the first place.

 

Unsurprisingly, customers aren’t impressed.

 

Source: Graham Cluley

[Tony D]

I received one of those emails.

[AWS]

I didn't get one. Maybe I wasn't affected.

[allheart55 Cindy E]

I didn't get one either.

[plodr]

None here but then I didn't buy anything on Amazon in November.

[Rustys]

Why does it say http and not https?