Security & Fraud

Amazon Reportedly Sent Customers Wrong Order Info

Amazon Sent Customers Wrong Order Info

Amazon customers are saying they have received email updates and invoices about orders that belong to other people, as reported on Friday (Aug. 16).

The founder of a cybersecurity firm reported the issue after he received an email with another Amazon customer’s order information that also included the name and address of that user.

Jake Williams, the founder of cybersecurity firm Rendition Infosec, told the news outlet he had ordered something from Amazon months ago that wasn’t yet available for shipping when he got an email that the items were on the way – but the order wasn’t his. Other Amazon customers reported similar incidents.

“I think they legitimately intended to email me a notification that my item was shipping early,” he said. “I just think they screwed something up in the system and sent the updates to the wrong people.”

The security blunder is a “serious breach of trust” because of how much personal information can be revealed on an Amazon order, Williams said.

Some customers took to Twitter to express their concern over the misdirected emails. One customer tweeted that Amazon’s customer service told him the issue will be investigated. Another customer tweeted that she spoke to an Amazon supervisor about the issue but was given a “nonchalant” response. The supervisor reportedly told her the issue happens frequently.

A spokesperson for Amazon did not return a request for comment from the reporting outlet.

This is Amazon’s second security slip in less than a year. In November, customers were emailed about a “technical error” that said customers’ email addresses had been exposed. When asked about specifics, Amazon would not comment.

Additionally, Capital One used Amazon cloud services when it was hacked in July, and the accused hacker is a former Amazon engineer. The newest lawsuit, which was filed earlier this month in federal court in Seattle, includes Amazon as a defendant.



Digital transformation has been forcefully accelerated, but how does that agility translate into the fight against COVID-era attacks and sophisticated identity threats? As millions embrace online everything, preserving digital trust now falls mostly on banks and FIs. Now, advances in identity data and using different weights on the payment mix afford new opportunities to arm organizations and their customers against cyberthreats. From the latest in machine learning for fraud and risk, to corporate treasury teams working in new ways with new datasets, learn from experts how digital identity, together with advances like real-time payments, combine to engender trust and enrich relationships.