Amazon suffered a data breach which exposed customer names and email addresses on its website, reported the Guardian, just two days before the Black Friday sale in the US. Amazon’s statement said that it has “fixed the issue and informed customers who may have been impacted” but did not provide any further details. This sensitive information was exposed due to a technical order and Amazon said that that users need not change their passwords.
Amazon said, “We have fixed the issue and informed customers who may have been impacted,” in response to a detailed questionnaire by MediaNama. The company did not provide any further details about the issue was and how many customers were affected, among other questions asked by MediaNama.
Note that Amazon has not disclosed, among other things, how many users and from where were exposed or which of Amazon’s sites were impacted and for how long, or who viewed or accessed the exposed email addresses or names.
Turns out that weird data breach notification email from Amazon *is* real….
Amazing lack of detail, and plenty of reasons why people felt it could be dodgy.
— Graham Cluley (@gcluley) November 21, 2018
The UK data regulator ICO (Information Commissioner), which needs to be notified of breaches under the GDPR, said it following the situation closely.