Nov 21, 2018 - Technology

Amazon says technical error disclosed customer information

Amazon boxes

An Amazon fulfillment center prepares for Black Friday sales. Photo: Leon Neal/Getty Images

The names and email addresses of some Amazon customers were revealed due to a technical error, but the issue has since been fixed, the e-commerce giant said Wednesday.

The big picture: Passwords do not appear to have been disclosed. Amazon's notice to impacted consumers even says that there is "no need for you to change your password or take any other action." If a bad guy saw the emails and passwords while they were exposed — and we don't know any did — they do not immediately have access to the accounts.

Why it matters: The glitch occurred just days before Black Friday and Cyber Monday, the busiest shopping days of the year. In theory, a bad guy who saw the names and email addresses could send scam emails pretending to be Amazon to users to try to steal log-in information, or could match email addresses with passwords from other sites' breaches to see if they work.

Quick take: Given the fact that millions of people around the world already have an account with Amazon, a bad guy could literally do this for Amazon accounts with any list of names and email addresses.

  • This isn't good by any stretch, and it may limit consumer confidence in the company. It's a bad look, especially given that Amazon fired an employee who shared customer data without permission.

What we know: Amazon says all affected users have been contacted and it fixed the issue.

What we don't know: How many users had data exposed, how long the data was exposed or how difficult the data would be to find.

Go deeper