In what it described as a “technical error,” Amazon confirmed Wednesday (Nov. 21) that some of its customer names and emails have been exposed, and the company has notified the affected users.
First reported by BetaNews, the technical glitch has been fixed, Amazon said, but remained mum on exactly how many users’ names and emails may have been exposed, or how long the glitch lasted. Amazon emailed affected users and assured them that they do not have to reset their passwords.
“We’re contacting you to let you know that our website inadvertently disclosed your email address due to a technical error,” Amazon wrote in its email to affected customers. “The issue has been fixed. This is not a result of anything you have done, and there is no need for you to change your password or take any other action.”
Reports in CNBC Wednesday noted that even if customer passwords were not compromised, names and emails could still be used by hackers to attempt to reset Amazon accounts or to send phishing emails. An Amazon spokesperson declined to answer questions about how many users may have been affected.
A customer forum also saw some affected Amazon users saying they were surprised that Amazon did not recommend that they reset their passwords, nor did they use a secure link in the email signature sent to affected customers.
Earlier this year, Amazon was at the center of security concerns when Bloomberg reported that the firm, along with 29 other companies, were targeted in a “chip-as-surveillance” initiative tied to servers assembled by San Jose-based Super Micro. In the wake of the Bloomberg article, Super Micro, Amazon and other tech giants, including Apple, denied the reports and said they had found no evidence of wrongdoing. China similarly denied the reports.
Amazon has also faced scrutiny in the past over concerns that cybercriminals could hack the Amazon Echo device to spy on its users.