Amazon admits some customers’ names and email addresses were exposed online in ‘technical error’ ahead of Black Friday
- Amazon says ‘technical error’ caused customer info to be exposed on its site
- The firm says it emailed all who were affected by this, but has not said how many
- Amazon also said the issue was not a breach of its website or any of its systems
9
View
comments
Amazon says it has ‘inadvertently disclosed’ customer information during one of the busiest shopping weeks of the year.
The firm revealed a technical error caused customer names and email addresses to be exposed on its website.
The e-commerce giant said it has emailed all affected customers and insists there is ‘no need’ to take action as Black Friday approaches.
Amazon says it has ‘inadvertently disclosed’ customer information during one of the busiest shopping weeks of the year. The firm revealed a technical error caused customer names and email addresses to be exposed on its website. File photo
The online shopping event predominately takes place in the US around the Thanksgiving holiday but hundreds of UK retailers now also take part on what has become a multi-billion dollar shopping day.
The firm said the issue was not a breach of its website or any of its systems, but a technical issue that inadvertently posted customer names and email addresses to its website.
In a statement, Amazon said: ‘We have fixed the issue and informed customers who may have been impacted.’
It did not disclose how many users had been involved in the incident but confirmed it had emailed all affected customers out of caution.
Despite Amazon’s assurance, security experts say customers whose information was exposed should still consider changing their passwords.
- Dancing in the moonlight: Perfectly timed image captures the… Astronomer captures the incredible moment a meteor explodes… Rembrandt painting of Jesus will go on sale for £6m after… Don’t talk about Christmas in front of Alexa! Unwitting…
Share this article
UK data regulator the Information Commissioner’s Office (ICO) – which Amazon must inform of any data breach as part of the General Data Protection Regulation (GDPR) introduced this year – said it was following the situation.
‘It is always the company’s responsibility to identify when UK citizens have been affected as part of a data breach and take steps to reduce any harm to consumers,’ an ICO spokeswoman said.
‘The ICO will, however, continue to monitor the situation and co-operate with other supervisory authorities where required.’
The firm said the issue was not a breach of its website or any of its systems, but a technical issue that inadvertently posted customer names and email addresses to its website. Many who received the email were wary
Richard Walters, chief technical officer of cybersecurity firm CensorNet, said those affected should consider changing their passwords.
‘If the reports are correct, the information leaked – names and email addresses – is less significant than some of these other breaches, which saw card details leaked.
However, it would be wrong to assume that this makes the breach inconsequential,’ he said.
‘Cyber-criminals can do a lot of damage with a large database of names and emails.
WHAT WEBSITES ARE MOST SECURE?
Cybersecurity firm Dashlane looked at 22 different websites and ranked them based on how secure they are and their login protocols.
One point was awarded for the presence of SMS/email authentication and a software token for of authentication but three points were awarded for the use of hardware tokens.
The cybersecurty firm considered anything less than full marks and the presence of all three security measures to be a fail.
2018 UK Rankings
5/5 Points – PASS
- Battle.net
2/5 Points – FAIL
- Amazon
- Apple
- Evernote
- Patreon
- Slack
1/5 Point – FAIL
- Airbnb
- eBay
- Indeed
- Yahoo!
0/5 Points – FAIL
- Asos
- Trip Advisor
The greatest risk is of brute force attacks – where criminals use a leaked email address and common password combinations to try and break into other personal accounts.
‘A large majority of people still use predictable passwords, and thanks to previous high-profile breaches many people’s passwords are also readily available on the dark web.
For cyber-criminals, it then just becomes an exercise in joining the dots.
‘If you’ve been affected, make sure you change your passwords quickly on all services you use, both work and private.’
Source: Read Full Article