Just two days before Black Friday launched, Amazon has suffered a major data breach, which caused customer names and email addresses to be disclosed on its website. Amazon has emailed the customers affected, but has refused to say how many customers were affected. Amazon say this is not a breach of the website’s security or any of its systems, but a technical issue, that led to customers names and email addresses being posted.
Amazon said: “We have fixed the issue and informed customers who may have been impacted.”
Customers who received an email were told: “Our website inadvertently disclosed your email address or name and email address due to a technical error. The issue has been fixed. This is not a result of anything you have done, and there is no need for you to change your password or take any other action. The impacted customers have been contacted. Amazon takes all security related matters seriously and your account security is our top priority. We have policies and security measures in place to ensure that your personal information remains secure.”
The fact that only names and email addresses were affected makes the information leaked less significant than some other data breaches where credit card details have been exposed. Cyber security experts warn that despite the limited nature of the data leak, customers should still be wary about how it can be used.
Richard Walters, chief technology officer of CensorNet, wrote in an email to The Independent: “Cyber criminals can do a lot of damage with a large database of names and emails. The greatest risk is of brute force attacks – where criminals use a leaked email address and common password combinations to try and break into other personal accounts, A large majority of people still use predictable passwords, and thanks to previous high-profile breaches many people’s passwords are also readily available on the dark web. For cyber criminals, it then just becomes an exercise in joining the dots. This risk is amplified by the fact that many people also use their work email addresses for personal accounts or services such as Amazon”
With Cybercrime on the rise and so many people being targeted through sophisticated scams, it is important to do everything we can to keep ourselves safe online. To help us protect our private and personal information from being exposed to hackers, Cyber Aware has released the following tips:
- Use a strong, separate password for your email.
- A good way to create a strong and memorable password is to use three random words. Numbers and symbols can be used to make it stronger.
- Use words which are memorable to you, but not easy for other people to guess. Don’t use words such as your child’s name or favourite sports team which are easy for people to guess by looking at your social media accounts or simple substitutions like ‘Pa55word!’
- When available you should use two-factor authentication (2FA) on your email account. It gives it extra layer of security, as it means your account can only be accessed on a device that you have already registered
- Don’t use public Wi-Fi to transfer sensitive information such as card details