Slashdot Mirror

← Back to Stories (view on slashdot.org)

Amazon Has Emailed an Unspecified Number of Customers To Inform Them That Their Names and Addresses Were Disclosed by the Website, Blames 'Technical Error' (betanews.com)

Posted by msmash on from the ooops dept.

If you have received a strange email from Amazon today, you're not alone. A number of customers on Wednesday received an email from the company in which it notes that it "inadvertently disclosed your name and email address due to a technical error." The company confirmed to BetaNews that the emails are genuine, but did not discuss the nature and severity of the technical error and how many customers are impacted. The technical error impacted customers in the United States as well as United Kingdom. It remains unclear if customers elsewhere were affected too. In a statement, the company said, "We have fixed the issue and informed customers who may have been impacted."

31 comments

  1. Oopsies! by BringsApples · · Score: 1

    But it's ok because no one's data is private. Besides, what recourse do we have? And is this even a big deal to anyone anymore?

    --
    Politics; n. : A religion whereby man is god.
    1. Re:Oopsies! by Anonymous Coward · · Score: 0

      So someone shot someone, then beat them with a bat.
      So emailing (which isn't secure - it's text-in-the-clear) people that
      their info has been compromised is the double whammy
      needed just before the holiday ...

      Aren't they required by law to (s)mail the victims?

      CAP === 'pricks'

    2. Re: Oopsies! by Anonymous Coward · · Score: 1

      They are upset since they just devalued a few million leaked customers. I assume a press release makes them feel like an honest, caring tech company. Vs one that sells counterfit goods with the option to price gouge based in your profile, or when you pick a dual pack.

    3. Re: Oopsies! by Anonymous Coward · · Score: 0

      or when you pick a dual pack

      Well, if you're stupid enough to select the dual pack when it's massively more than two of the one-packs, then I'm thinking you get what you deserve.

      It's like people who think the jumbo container at the grocery store is the cheapest per unit of content. Dumbasses.

    4. Re:Oopsies! by mrbester · · Score: 1

      They are merely adhering to GDPR which states that those whose data has been inadvertently disclosed must be informed of that inadvertent disclosure.

      The alternative would be that they get fined if they kept that fact to themselves and it was discovered.

      --
      "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
  2. So what? by johnsie · · Score: 1

    Slow news day?

  3. 'member when they'd offer credit monitoring? by xxxJonBoyxxx · · Score: 1

    >> Company: we had a serious security breach that coughed up enough information to allow anyone to assume your identity

    Does anyone else remember when they'd at least offer credit monitoring? Maybe even a coupon? These days, it seems they just send a notification (the minimum requirement under most privacy laws) and then stand there smugly to see if someone is brave enough to try a class action that will yield it's members nothing more than a free membership to the jelly-of-the-month club.

    1. Re: 'member when they'd offer credit monitoring? by Anonymous Coward · · Score: 0

      If info was exposed but not useful for exploitation that is one thing. If info was exposed but they donâ(TM)t know to whom and the info was sensitive, thatâ(TM)s a whole other thing. You would think the internet would have fixed this problem by now.

    2. Re:'member when they'd offer credit monitoring? by Anonymous Coward · · Score: 0

      “Clark, that's the gift that keeps on giving throughout the entire year.”

    3. Re:'member when they'd offer credit monitoring? by ShanghaiBill · · Score: 2

      You can't establish credit with just a name and email address, and that is all that was leaked.

      If SSNs were leaked, an offer of free credit monitoring would be reasonable, but that is not what happened here.

    4. Re:'member when they'd offer credit monitoring? by Anonymous Coward · · Score: 0

      In the great muslin nation of India, you can ...

  4. 'Technical Error'? by fustakrakich · · Score: 1, Insightful

    Please! Pull the other one! This is how they sell your info. Now with plausible deniability.

    --
    “He’s not deformed, he’s just drunk!”
  5. I got one by andyring · · Score: 4, Informative

    I received one of those emails overnight as well.

    In today's world, quite frankly you're a bumbling idiot if you haven't contacted all the credit bureaus to have your credit reports frozen. I did that for my wife and I shortly after the Equifax clusterfuck. And it really isn't a hassle either. My wife and I have needed access on a couple occasions and it's a simple matter to obtain a one-time PIN that the creditor can use, in our case a vehicle purchase and a home equity loan.

    Yeah, the Amazon thing likely doesn't involve a credit report by any stretch of the imagination, but it's still a good idea to have your credit bureau reports frozen, which carries the force of law.

    1. Re:I got one by Anonymous Coward · · Score: 0

      Unfortunately, I need to build as much credit as I can, as a young person looking to buy a home soon. I can't freeze my credit because of this. But thanks to Equifax, Primera Blue Cross, and now Amazon, my information is probably freely available.
      What angers me is they have caused this incredible and anxiety inducing clusterfuck, and our government will do NOTHING to punish them or protect us. These corporations are getting away with everything, and I'm sick of having to clean up their messes.

  6. Why don't they tell you by Anonymous Coward · · Score: 0

    ***who*** compromised their service?

    I got that e-mail and it's useless. What actions am I supposed to take?

    1. Re: Why don't they tell you by Anonymous Coward · · Score: 0

      You are supposed to ignore it and keep eating your honey bunches of oats

    2. Re:Why don't they tell you by Anonymous Coward · · Score: 0

      I can say with almost 100% certainty it was a Amazon researcher who uploaded a file to an S3 bucket with public permissions. Probably was working 13 hours a day to "Raise the bar" with "bias for action" so they could "deliver results."

  7. I got one, but only for email... by QuietLagoon · · Score: 1

    ...our website inadvertently disclosed your email address due to a technical error...

    It was not mentioned that my name was also given away by Amazon.

  8. Change your password by Anonymous Coward · · Score: 0

    Amazon say,

    "Hello,

    We’re contacting you to let you know that our website inadvertently disclosed your email address due to a technical error. The issue has been fixed. This is not a result of anything you have done, and there is no need for you to change your password or take any other action.

    Sincerely,
    Customer Service "

    But I say change you password is ALWAYS a good idea. Besides. in my case, it passed the time for a change.

  9. Name and address by cascadingstylesheet · · Score: 1

    Name and address,

    So, kind of like the 1970s, when every catalog company on Earth had those?

  10. This was the shittiest email in awhile. by Anonymous Coward · · Score: 1

    >Hello,
    >
    >We’re contacting you to let you know that our website inadvertently disclosed your email address due to a technical error. The issue has been fixed. This is not a result of anything you have done, and there is no need for you to change your password or take any other action.
    >
    >Sincerely,
    >Customer Service
    >http://Amazon.com

    Like, it doesn't tell me who it was disclosed to, where it was disclosed, if anyone actual saw it, or how long it was public for.

    It also doesn't have a way to followup or ask any of those questions, and it's signed with a janky-ass-url without HTTPS, without www, and with a capital letter in the domain name, any of which usually *scream* spam email.

  11. I knew 2 weeks ago by EdZep · · Score: 2

    Yeah, I've known for a couple of weeks at Amazon had disclosed my email address. I started getting spam emails from their affiliate sellers, trying to get me to do reviews in exchange for free merchandise or refunded purchase price. I logged into my Amazon account and verified that I did not have my email address showing publicly, so I knew there was a screw up somewhere.

    1. Re:I knew 2 weeks ago by ledow · · Score: 3, Interesting

      I use unique addresses per account.

      A few pence for a catch-all domain name that just forwards to my "real" email, and I catch companies out like this all the time.

      Best bit is when you start getting the "I know your password" scams with random emails and you can see people's customer database is compromised - because even in that case, you can just change the email assigned to that account (if you still want to use it!) and carry on regardless.

      If I do HaveIBeenPwned.com on my domain, there are all kinds of addresses that have become public... but they are all easily traced back to source because only one source ever had each of them.

      Like anything else when your credentials are compromised - stop using that service, null-route the email address given to them, change the account email and password (even if you never use them again, you don't want anyone else doing so either), and carry on with life.

      I honestly do not understand anyone using a single credential (email address) across every service they ever use.

      P.S. Once had a firm spam me on the email address that I'd given to their competitor. Turned out - and I literally had the CEO talking to me at that point - that a new employee of theirs had stolen the entire contact list from their old company in order to boost his sales... informed both companies and the data protection office and let them resolve it.

  12. If their notifications emails are anything like... by mandark1967 · · Score: 1

    Their packages, I'll have to go over to the neighbor to pick mine up

    --
    Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
  13. Strangely.... by forkfail · · Score: 0

    ... they all lived in Queens, NYC...

    --
    Check your premises.
  14. That was a heck of a Black Friday deal by SuperKendall · · Score: 1

    One million Amazon accounts for only $1.*\(SELECT * FROM LUZERS)!

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  15. Weird notificatoin, not at all polished by Tony+Isaac · · Score: 1

    The entire text:

    Subject: Important Information about your Amazon.com Account

    Hello,

    We’re contacting you to let you know that our website inadvertently disclosed your email address due to a technical error. The issue has been fixed. This is not a result of anything you have done, and there is no need for you to change your password or take any other action.

    Sincerely,
    Customer Service
    http://amazon.com/

    This notification seems highly un-polished, like it was written by some low-level programmer. It clearly didn't go through marketing, or through much review of any kind. It leaves lots of unanswered questions, even the kind that would normally be included in such an email.

    My first reaction was that it was some kind of spam, because it was so poorly done!

  16. What's not said - Amazon Hub by Anonymous Coward · · Score: 0

    Imagine if Amazon hub data was included part of that leak. People that don't even use Amazon for purchasing would have their personal info taken, despite never even signing up for the service. This is most irritating when apartment complexes and condominium HOAs opt in all their residences without their consent.

    All in the name of convenience.

    All companies including Amazon should be fined a percentage of their raw world wide revenue (not local, not profit) each time they fuck up these things so it's not just a minor slap on the wrist.

  17. When do I get my apology... by thegarbz · · Score: 1

    from the local council for printing my name and address in the phone book?