Security News Amazon Denies Data Breach Rumors but Resets User Passwords Just in Case

Exterminator

Level 85
Thread author
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
"Out of an abundance of caution," as every company likes to say these days, Amazon has started resetting passwords for a select list of users who had their personal details exposed online.

The company says that nobody breached its servers, but that it took this step after its security staff discovered a set of customer details posted online as part of another breach at another company.

Breach didn't happen at Amazon, says Amazon
Amazon says those details matched the details of Amazon accounts, and since it had no way of knowing if those customers reused the same passwords for their Amazon accounts, it decided to air on the safe side of things and reset those customers' passwords, just in case.

Password reset emails started going out last week, when several users posted screenshots on Twitter, and have continued to reach users this week.

At the time of writing, only a small number of users have reported receiving these emails. The exact number of affected customers is currently unknown.

Amazon also reset some customer passwords in July 2015
Amazon took a similar step of resetting user passwords in July when a hacker that goes on Twitter by the name of 0x2Taylor uploaded online a file with information on 80,000 Amazon Kindle users.

Amazon denied it was hacked, which may be true since hackers can also collect login credentials using malware (password dumpers, infostealers, keyloggers), and don't have to necessarily breach Amazon's well-defended servers.

This was not the case, though, as 0x2Taylor posted a screenshot of some of the leaked data, hours later, after saying that Amazon ignored him after reporting the security issue.

According to those who managed to grab a copy of the leaked data before being taken down, the file included details such as a user's email, password, city, state, phone number, ZIP code, useragent string, IP address, and street address information.

While for that specific incident the truth seemed to lean towards 0x2Taylor's side of events, Amazon should be happy that it's been plagued only by smaller-sized breaches, and not by mega breach events that expose details of hundreds of millions of users (cough, Yahoo, cough).

 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top