We're deep in the throes of Black Friday week, which one might imagine is generally the jolliest time of the year for Amazon. However, the massive global e-commerce platform has just revealed some less-than-jolly news: it "inadvertently disclosed" customer email addresses due to a "technical error."
Customers in the US, UK, and Europe who were affected by this data exposure were alerted via a brief email sent by the company on Wednesday, November 21st. The email states only that the data was exposed and that the issue has since been fixed. It concludes with the following statement: "This is not a result of anything you have done, and there is no need for you to change your password or take any other action."
The final instruction isn't having the soothing effect on customers that was no doubt intended, with many taking to social media to express their discontent. Additionally, the fact that the email is so short and lacking in branded design elements provoked concerns for some that it was a phishing attempt from a non-Amazon entity.
#AmazonDataBreach #AmazonEmail @amazon @AmazonHelp @AmazonUK Not exactly reassuring and would be interesting to see the extent of the breach and how it relates to GDPR. Think customers need an explanation & if their financial details have been compromised - you have duty of care pic.twitter.com/fk5kSs458D
— Katya von der Goltz King (@KatyavdGK) November 21, 2018
The email is not a phishing attempt: Amazon has confirmed the exposure to the media, noting that names were also exposed, but there's still much that remains mysterious. How many customer emails were exposed? Which of Amazon's sites were impacted? Who could have gained access to the emails and names? Amazon refuses to divulge anything further.
@amazon do you have more information? Your email was short on technical details on the exposure of my Personally Identifying information. Like what was the disclosure, how many times was it accessed, how large was this breach and what actions were taken to prevent this? pic.twitter.com/W8kqqDqiDb
— gwaland (@gwaland) November 21, 2018
With so little known about the exposure, it's difficult for customers to trust that Amazon is handling the problem properly. Instead, they are left in the vulnerable position of having to blindly accept a few terse lines in a sketchy-looking email. It's also unclear if Amazon has reported the exposure to any government regulatory bodies.
For now, all we know is that Amazon found a flaw serious enough to warrant a mass email during one of its largest sales periods, and it believes there's no reason to change your password. But honestly, you may as well — and if you're unhappy with the way this is being handled (as you have ample reason to be), a sternly-worded tweet or email couldn't hurt.