Amazon Has Emailed an Unspecified Number of Customers To Inform Them That Their Names and Addresses Were Disclosed by the Website, Blames 'Technical Error'

If you have received a strange email from Amazon today, you're not alone. A number of customers on Wednesday received an email from the company in which it notes that it "inadvertently disclosed your name and email address due to a technical error." The company confirmed to BetaNews that the emails are genuine, but did not discuss the nature and severity of the technical error and how many customers are impacted. The technical error impacted customers in the United States as well as United Kingdom. It remains unclear if customers elsewhere were affected too. In a statement, the company said, "We have fixed the issue and informed customers who may have been impacted."

I got one

[andyring]

I received one of those emails overnight as well.

In today's world, quite frankly you're a bumbling idiot if you haven't contacted all the credit bureaus to have your credit reports frozen. I did that for my wife and I shortly after the Equifax clusterfuck. And it really isn't a hassle either. My wife and I have needed access on a couple occasions and it's a simple matter to obtain a one-time PIN that the creditor can use, in our case a vehicle purchase and a home equity loan.

Yeah, the Amazon thing likely doesn't involve a credit report by any stretch of the imagination, but it's still a good idea to have your credit bureau reports frozen, which carries the force of law.

Re:'member when they'd offer credit monitoring?

[ShanghaiBill]

You can't establish credit with just a name and email address, and that is all that was leaked.

If SSNs were leaked, an offer of free credit monitoring would be reasonable, but that is not what happened here.

I knew 2 weeks ago

[EdZep]

Yeah, I've known for a couple of weeks at Amazon had disclosed my email address. I started getting spam emails from their affiliate sellers, trying to get me to do reviews in exchange for free merchandise or refunded purchase price. I logged into my Amazon account and verified that I did not have my email address showing publicly, so I knew there was a screw up somewhere.

Re:I knew 2 weeks ago

[ledow]

I use unique addresses per account.

A few pence for a catch-all domain name that just forwards to my "real" email, and I catch companies out like this all the time.

Best bit is when you start getting the "I know your password" scams with random emails and you can see people's customer database is compromised - because even in that case, you can just change the email assigned to that account (if you still want to use it!) and carry on regardless.

If I do HaveIBeenPwned.com on my domain, there are all kinds of addresses that have become public... but they are all easily traced back to source because only one source ever had each of them.

Like anything else when your credentials are compromised - stop using that service, null-route the email address given to them, change the account email and password (even if you never use them again, you don't want anyone else doing so either), and carry on with life.

I honestly do not understand anyone using a single credential (email address) across every service they ever use.

P.S. Once had a firm spam me on the email address that I'd given to their competitor. Turned out - and I literally had the CEO talking to me at that point - that a new employee of theirs had stolen the entire contact list from their old company in order to boost his sales... informed both companies and the data protection office and let them resolve it.