Just days before its big “Black Friday” sale, Amazon suffered a breach of its cloud.
The outfit wrote to some users warning that their names and emails had been exposed due to a “technical error.”
The email said that the online bookseller had fixed the problem and users did not have to do anything else.
Passwords apparently did not need to be changed.
“This is not a result of anything you have done, and there is no need for you to change your password or take any other action”, said Amazon’s customer service division.
It looks like Amazon is feeling confident that only usernames and email addresses where compromised, not user account information or passwords, but it is not the sort of thing you want to happen before you main sales day.
Amazon said that its website and systems were not breached.
On Twitter, several users said they would be changing their passwords regardless, noting concerns that bad actors could target the exposed emails for phishing attacks, or attempt to reset a user’s account.
Users also voiced concerns that the link to Amazon’s website in the email signature did not contain a secure link, which should be “https” instead of “HTTP”.
Many would have been forgiven for thinking that the Amazon letter was a phishing attempt.