An as-of-yet-unknown number of Amazon accounts had to be reset yesterday (Nov. 24) when several customers got word from Amazon that their passwords may have been compromised. Messages were both sent directly to customers and posted within the Amazon message center — confirming this was a legitimate reset and not a phishing scam.
Amazon’s email noted it had “recently discovered that your [Amazon] password may have been improperly stored on your device or transmitted to Amazon in a way that could potentially expose it to a third party.”
“We have corrected the issue to prevent this exposure.”
Amazon further noted that there is, as of yet, no evidence to suspect that any third parties actually got any improper information but that Amazon was proceeding nonetheless with an “abundance of caution.”
It is not unusual for companies to reset passwords in the event of a breach, though reports do not indicate one has taken place in this case. Nor is this the first time Amazon has sent out this type of mass mailing; periodic password reset emails from the eCommerce giant have gone out every so often at least since 2010 — the last year ZDNet can document such a letter.
