Amazon has admitted a data leak that has impacted customers globally, days before the hottest e-commerce day of the year, Black Friday.
First reported by the Register, the company has declined thus far to say how many were affected, nor whether it has told regulators yet.
It’s not the first embarrassment to hit the company ahead of a peak demand time for shoppers. This summer the company lost an estimated £76 million after a 63-minute website outage on its much-hyped Prime day.
A short email sent to customers reads: “Hello. We’re contacting you to let you know that our website inadvertently disclosed your name and email address due to a technical error. The issue has been fixed.”
“This is not a result of anything you have done, and there is no need for you to change your password or take any other action. Sincerely, Customer Service”
The curt tone and general lack of further information led many to wonder if it was a fraud, particularly given the email includes an insecure http link at the bottom.
Some Amazon customers are reporting getting an email like this which is rather uhh… short on information about names and email addresses being exposed.
— Graham Cluley 🇺🇦 (@gcluley) November 21, 2018
The company has confirmed it is real however.
Amazon Help’s Twitter account offers little further detail. Its last post was three days ago and is a response to a customer struggling to make Alexa play their song of choice.
Computer Business Review has contacted Amazon for further comment.
At least one security professional was sympathetic.
Ilia Kolochenko, CEO and founder of web security company High-Tech Bridge said in an emailed statement: “This rather looks like an inadvertent programming error that made some details of Amazon’s profiles publicly available to random people.”
“Unfortunately, even such companies as Amazon are not immune from such omissions. Our IT systems become more convoluted and intricate every day, inevitably causing more human errors. Amazon’s reaction seems to be quite prompt, however an official statement would certainly be helpful to prevent any speculation and unnecessary exaggeration of the incident and its scope.”