Story image

Amazon customers irate after 'technical error'

22 Nov 2018

A ‘technical error’ was responsible for revealing some Amazon  customers’ names and email addresses – although many people worldwide are speculating that it could have been a data breach.

While Amazon isn’t giving too much away about what happened, reports suggest that the error exposed customer names and email addresses. It quickly informed the customers affected by the error and remedied the situation.

However, customers have been quick to point out that Amazon’s handling of the situation has been less than perfect. 

According to user posts on Amazon’s Seller Central forums, the content of the initial notification didn’t explain enough. The email says:

“Hello,

We’re contacting you to let you know that our website inadvertently disclosed your email address due to a technical error. The issue has been fixed. This is not a result of anything you have done, and there is no need for you to change your password or take any other action.

Sincerely,
Customer Service”

As Amazon user ko_marketing puts it, “It’s as if a 10 year old composed the message.”

While it’s possible that Amazon doesn’t have information at hand about how many people were affected by the error or who could have seen the publicly available information, Amazon did not admit that lack of knowledge in its email.

Many have called out Amazon’s request for users not to change their passwords as a poor suggestion, particularly because it does nothing but raise further suspicion. Many users wondered whether the email was genuine or a phishing email.

Amazon also failed to disclose whether it has notified any regulatory bodies or national Computer Emergency Response Teams (CERTs) about the issue. This has also aggravated unhappy customers – and security experts.

We got the word from Ilia Kolochenko, CEO of web security company High-Tech Bridge about what it could mean:

“I wouldn’t hurry with premature conclusions until all technical details of the incident become clear. Based on the information currently available, it is technically incorrect to call this incident a “data breach”. This rather looks like an inadvertent programming error that made some details of Amazon’s profiles publicly available to random people,” says Kolochenko.
 
“Unfortunately, even such companies as Amazon are not immune from such omissions. Our IT systems become more convoluted and intricate every day, inevitably causing more human errors. Amazon’s reaction seems to be quite prompt, however an official statement would certainly be helpful to prevent any speculation and unnecessary exaggeration of the incident and its scope.”

It’s now up to Amazon to put users’ suspicions to rest and undertake some serious damage control.

Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
Used device market held back by lack of data security regulations
Mobile device users are sceptical about trading in their old device because they are concerned that data on those devices may be accessed or compromised after they hand it over.
Gartner names ExtraHop leader in network performance monitoring
ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out.
Symantec acquires zero trust innovator Luminate Security
Luminate’s Secure Access Cloud is supposedly natively constructed for a cloud-oriented, perimeter-less world.
Palo Alto releases new, feature-rich firewall
Palo Alto is calling it the ‘fastest-ever next-generation firewall’ with integrated cloud-based DNS Security service to stop attacks.
Facebook fights fake news ahead of Africa elections
“We also show related articles from fact-checkers for more context and notify users if a story they have shared is rated as false.”
The right to be forgotten online could soon be forgotten
Despite bolstering free speech and access to information, the internet can be a double-edged sword, because that access to information goes both ways.
Opinion: 4 Ransomware trends to watch in 2019
Recorded Future's Allan Liska looks at the past big ransomware attacks thus far to predict what's coming this year.