
Amazon customers irate after 'technical error'

22 Nov 18

A ‘technical error’ was responsible for revealing some Amazon customers’ names and email addresses – although many people worldwide are speculating that it could have been a data breach.

While Amazon isn’t giving too much away about what happened, reports suggest that the error exposed customer names and email addresses. Amazon quickly informed the customers affected by the error and remedied the situation.

However, customers have been quick to point out that Amazon’s handling of the situation has been less than perfect. 

According to user posts on Amazon’s Seller Central forums, the content of the initial notification didn’t explain enough. The email says:

“Hello,

We’re contacting you to let you know that our website inadvertently disclosed your email address due to a technical error. The issue has been fixed. This is not a result of anything you have done, and there is no need for you to change your password or take any other action.

Sincerely,
Customer Service”

As Amazon user ko_marketing puts it, “It’s as if a 10 year old composed the message.”

While it’s possible that Amazon doesn’t have information at hand about how many people were affected by the error or who could have seen the publicly available information, Amazon did not admit that lack of knowledge in its email.

Many have called out Amazon’s request for users not to change their passwords as a poor suggestion, particularly because it does nothing but raise further suspicion. Many users wondered whether the email was genuine or a phishing email.

Amazon also failed to disclose whether it has notified any regulatory bodies or national Computer Emergency Response Teams (CERTs) about the issue. This has also aggravated unhappy customers – and security experts.

We got the word from Ilia Kolochenko, CEO of web security company High-Tech Bridge, about what it could mean:

“I wouldn’t hurry with premature conclusions until all technical details of the incident become clear. Based on the information currently available, it is technically incorrect to call this incident a “data breach”. This rather looks like an inadvertent programming error that made some details of Amazon’s profiles publicly available to random people,” says Kolochenko.
 
“Unfortunately, even such companies as Amazon are not immune from such omissions. Our IT systems become more convoluted and intricate every day, inevitably causing more human errors. Amazon’s reaction seems to be quite prompt, however an official statement would certainly be helpful to prevent any speculation and unnecessary exaggeration of the incident and its scope.”

It’s now up to Amazon to put users’ suspicions to rest and undertake some serious damage control.
