Amazon customers are saying they have received email updates and invoices about orders that belong to other people, as reported on Friday (Aug. 16).
The founder of a cybersecurity firm reported the issue after he received an email with another Amazon customer’s order information that also included the name and address of that user.
Jake Williams, the founder of cybersecurity firm Rendition Infosec, told the news outlet he had ordered something from Amazon months ago that wasn’t yet available for shipping when he got an email that the items were on the way – but the order wasn’t his. Other Amazon customers reported similar incidents.
“I think they legitimately intended to email me a notification that my item was shipping early,” he said. “I just think they screwed something up in the system and sent the updates to the wrong people.”
The security blunder is a “serious breach of trust” because of how much personal information can be revealed on an Amazon order, Williams said.
Some customers took to Twitter to express their concern over the misdirected emails. One customer tweeted that Amazon’s customer service told him the issue will be investigated. Another customer tweeted that she spoke to an Amazon supervisor about the issue but was given a “nonchalant” response. The supervisor reportedly told her the issue happens frequently.
A spokesperson for Amazon did not return a request for comment from the reporting outlet.
This is Amazon’s second security slip in less than a year. In November, customers were emailed about a “technical error” that said customers’ email addresses had been exposed. When asked about specifics, Amazon would not comment.
Additionally, Capital One used Amazon cloud services when it was hacked in July, and the accused hacker is a former Amazon engineer. The newest lawsuit, which was filed earlier this month in federal court in Seattle, includes Amazon as a defendant.