There are some reports online, and we’ve heard a few rumours, that Amazon UK has been asking users to reset their passwords.
We have no confirmed details about this but here’s one report on ZDnet. There is no indication on why they have made this move and we have seen no details on how many users are affected
But it does seem that some people have received an email. The text of the email to users reportedly reads:
“This is an important message from Amazon.co.uk.
At Amazon, we take your security and privacy very seriously. We recently discovered that your Amazon.co.uk password may have been improperly stored on your device or transmitted to Amazon in a way that could potentially expose it to a third party. We have corrected the issue to prevent this exposure. While we have no reason to believe your password was improperly disclosed to a third party, out of an abundance of caution, we have assigned a temporary password to your account. To regain access to your Amazon customer account please follow the below steps. We apologize for any inconvenience this has caused.”
The email continues with help on how users can go about resetting their passwords.
We’d love to hear from you if you have received such an alert. And we’ll report back to you if and when we find out why Amazon seem to have taken this measure.
7 Responses
I had to do mine.
I just had one saying my password had been reset (no explanation). I thought it was fake at first, didn’t click any links, but went to Amazon and – indeed it had been changed, and so I followed the forgot password procedure. No rogue orders in there, thankfully.
I had that message and had to reset my password, only thing I could think of was my son logging onto my Paypal on his Nintendo, with my permission!
We had this message too and I was suspicious as I found I was still logged in to Amazon on the iOS app, but when I went to the Amazon desktop site, our password had indeed been reset.
We had a fraudulent message through the Amazon message system recently that had a link to log in. I could tell it was suspicious as it was asking if a product price was correct – but the price was in $ and we only sell through the UK site. I reported to Amazon, but I’m guessing that it went to others as well, and as it came through the Amazon messaging system, people may well have clicked links in the message, hence them asking for passwords to be changed.
sound like a genuinely pro-active security conscious measure.
if i had to guess; they have identified a weakness in the mobile app, that if a hacker knew about it, they could attempt to learn your password using this method; such as an API call that includes your password in plaintext.
if theres nothing to indicate a hacker had actually obtained passwords this way, ebay would never even mention it and hope you never found out, amazon would err on the side of caution and ask those using the vulnerable app to change passwords just in case. (purely based on my previous experience of the two companies attitudes)
We received an email although the text was different;
This is an important message from Amazon.co.uk
As a precaution, we’ve reset your Amazon.co.uk password because you may have been subject to a “phishing” scam.
Here’s how phishing works:
A scam artist sends an e-mail, which is designed to look like it came from a reputable company such as a bank, financial institution, or retailer like Amazon.co.uk, but is in fact a forgery. These e-mails direct you to a website that looks remarkably similar to the reputable company’s website, where you are asked to provide account information such as your e-mail address and password. Since that website is actually controlled by the phisher, they get the information you entered.
Go to amazon.co.uk/phish to read more about ways to protect yourself from phishing.