Alexa, is that you? Amazon exposes user data in mystery breach, issues creepy non-explanation
An email from Amazon Customer Service notified recipients on Wednesday that their information had been "inadvertently disclosed" because of a "technical error," but stopped short of giving any context, creating more questions than it answered. Some customers were told they'd had their email address leaked; others, their name and email address.
An Amazon spokesperson assured media that the company's website and systems had not been breached, though the company refused to answer questions about how many customers were affected or how long the information was exposed – or to whom.
Some users shared the cagey message on social media, trying to figure out whether they'd been hacked, or if the message was even from Amazon at all.
#tech Some overly casual (and unapologetic) comms from @Amazon on an email leak/hack - Unsure if this a real email or spam, even.— Srinivas KC (@srinivaskc) November 21, 2018
cc: @AmazonHelp, confirm if this email is actually from @Amazon? In what way way were emails disclosed, and to who? pic.twitter.com/fBFvLTJXHe
On an Amazon forum, posters were able to confirm that it was in fact sent by the trillion-dollar company using the message headers – leaving some disturbed at the sender's use of non-secure protocol in the enclosed website link.
The oddly conciliatory wording seemed designed to pacify anxious customers, reassuring them "this is not a result of anything you have done," and stressing "no need for you to change your password or take any other action." Unsettled by its "move along, nothing to see here" tone, many users opted to change their password anyway.
Woke up to this email from Amazon. Cool...thanks for the technical error. "There is no need for you to change your password or take any other action." Well @AmazonHelp I'm changing my password anyway. #Amazon#AmazonEmail#TechnicalErrorpic.twitter.com/OAheQ4MPLD— A.C. Junior (@OfficialMisterC) November 21, 2018
Trying to find out who @Amazon disclosed my personal information to, after their weird email. The customer service agent is powerless to enlighten me, but tells me not to worry. Why shouldn't I? @JeffBezos@AGBecerra@AmazonHelppic.twitter.com/DPWmqBTCQ5— JQB (@ntjqb) November 21, 2018
The breach occurred two days before Black Friday, traditionally the biggest shopping day of the year in the US, and the normally tight-lipped company is no doubt feeling additional pressure to keep a lid on any potential scandal.
Amazon has been hit with criticism from both ends of the political spectrum after announcing earlier this month that it would locate part of its HQ2 complex in Long Island City, New York at a cost of $1.5 billion to taxpayers. Provisions in the deal could net the company twice that in tax breaks at a time when two thirds of ordinary Americans cannot afford an unexpected $500 expense. Owned by Jeff Bezos, whose $150 billion fortune makes him the world's richest man, Amazon has also come under fire for treating workers poorly and reducing their jobs to a series of timed metrics that rules out "luxuries" like bathroom breaks.
There has been no word yet on whether Alexa, the Amazon AI "personal assistant" currently testifying in a murder trial, has finally become sentient and started emailing people in search of a new pen pal, but she's probably laughing over this.