An Amazon data breach incident took place in the lead up to the big Black Friday sales a few weeks ago.
The incident reportedly stemmed from a technical problem.
In the data protection breach, customer names and email addresses were inadvertently posted on the company’s website. They were removed upon discovery of the error, and customers affected by the data breach have been informed.
The Information Commissioner’s Office (ICO) is said to be looking into the situation.
Amazon data breach victims told to take no action
Victims affected by the recent Amazon data breach have been informed.
In a short statement, the online retail giant said:
“We have fixed the issue and informed customers who may have been impacted.”
It’s understood that those affected by the breach were told that their website had “inadvertently disclosed your email address or name and email address due to a technical error.” They have also said that there is “is no need for you to change your password or take any other action”.
We find this last part particularly odd.
Even in a small data breach, victims should take precaution. Changing a password is the most basic thing someone can do; even where passwords or partial passwords haven’t been exposed in a breach.
I’m somewhat surprised that they’ve taken this approach. At the very least, victims of the Amazon data breach could now be prime (no pun intended) targets for phishing scams.
Amazon also said that they take such security matters very seriously and have measures in place to ensure information is secure.
Any data breach victim should beware
Any victim of an incident like the Amazon data breach should beware in the aftermath of the breach. Even a name and an email address can be enough for a fraudster to try a phishing scam or a similar crime.
Victims of the TalkTalk hack – as one example – were contacted by scammers pretending to be TalkTalk. We’ve helped people who were scammed out of thousands of pounds as a result of the breach. There should never be a case of companies telling victims that they don’t need to take action in my view.
A little data can go a long way, and it can be pieced together across several breaches as well. Don’t ever just assume that you’ve not already fallen victim to another breach. Some companies hit by breaches don’t even realise they’ve been hit until months or even years after the event.
Victims of the Amazon data breach should take the same precautions any victim of a breach ought to.