Some Amazon account holders have reported receiving e-mails from the company letting them know that their passwords have been reset because of a recent vulnerability it discovered.
The e-mail message told recipients that their passwords “may have been improperly stored on your device or transmitted to Amazon in a way that could potentially expose it to a third party,” according to a report in ZDNet today. The e-mail also stated that Amazon had reset those users’ passwords out of an “abundance of caution.”
It’s not clear how many users might have been affected, what caused the vulnerability, or how Amazon discovered it. Amazon has not responded to our request for comment.
Uncertain How Many Affected
A look through the questions posted on Amazon’s online help community over the past 24 hours hasn’t revealed much discussion by customers about the reported password problem.
According to ZDNet, “a number of readers” reported receiving the password-related e-mail. “The message was also sent to their account message center on Amazon.com and Amazon.co.uk, confirming the message is genuine,” the report noted.
The reported password issue comes less than a week after Amazon quietly rolled out a new option for two-factor authentication for customers who wanted to boost the security of their accounts. The new security feature, which is optional for users, is now generally available to users in the U.S. but does not yet appear to have been added to the account management system for users in the U.K.
Exercising Holiday Precaution
Some 135.8 million U.S. shoppers are expected to hit stores — online and off — between Thanksgiving Day and the following Sunday, according to the National Retail Federation’s predictions for the holiday shopping season. That’s slightly higher than the 133.7 million shoppers reported in 2014.
The National Cyber Security Alliance, which represents companies including Intel, Microsoft, PayPal and Visa, has issued a guide on how to “Be a Cybersmart Holiday Shopper.” The guide includes such recommendations as discarding suspicious texts and e-mails, limiting activity on public Wi-Fi networks while out shopping and activating two-step authentication for online banking and messaging.
A study by the mobile identity company TeleSign earlier this year found that while a majority (70 percent) of people surveyed said they didn’t have “a high degree of confidence” in password-protected security, more than half (56 percent) were unfamiliar with two-factor authentication. TeleSign senior vice president of marketing Brian Czarny told us last week that “protecting online accounts with a simple username/password is simply not safe enough in today’s environment.”
The annual report from the FBI’s Internet Crime Complaint Center, released earlier this year, said the agency had received 269,422 complaints with monetary losses exceeding $800 million in 2014. The report noted that the growing use of social media “has provided a quintessential goldmine of personal data for perpetrators.”