Amazon data breach reveals customer details
Amazon data breach pre Black Friday | “Technical issue” causes customer data exposure on Amazon website. Amazon has suffered a significant data breach, causing customer names and email addresses to be disclosed on its website. The breach came during the run up to Black Friday, one of the busiest shopping periods of the year. The retail giant said it emailed affected customers, but would not provide further details on the numbers of people affected.
Email sent to affected customers
Customers who received the email were told:
Our website inadvertently disclosed your email address or name and email address due to a technical error. The issue has been fixed. This is not a result of anything you have done. ...and there is no need for you to change your password or take any other action. The impacted customers have been contacted.
Amazon said the issue was not a breach of its website or any of its systems, but a "technical issue" that had inadvertently revealed customer names and email addresses on its website. GDPR law requires Amazon to notify the Information Commissioner's Office (ICO) of any data breach. The ICO said it was monitoring the situation and commented:
It is always the company's responsibility to identify when UK citizens have been affected as part of a data breach and take steps to reduce any harm to consumers. The ICO will, however, continue to monitor the situation and co-operate with other supervisory authorities where required.
Bad timing of Amazon data breach
The breach came at a bad time for Amazon. Black Friday normally takes place in the US around the Thanksgiving holiday. Many UK retailers also participate in what has become a multi-billion pound shopping day. Richard Walters, chief technical officer of CensorNet, said those affected should disregard Amazons’s advice and consider changing their passwords.
If the reports are correct, the information leaked – names and email addresses – is less significant than some of these other breaches, which saw card details leaked, ...However, it would be wrong to assume that this makes the breach inconsequential. Cyber-criminals can do a lot of damage with a large database of names and emails. A large majority of people still use predictable passwords, and thanks to previous high-profile breaches many people’s passwords are also readily available on the dark web. For cyber-criminals, it then just becomes an exercise in joining the dots.