Amazon is Resetting Some Account Passwords, Citing Possible Leaks

20971563620_238d73ffca_hMany consumers are going to have a bad holiday experience once the credit card bills arrive in January, but for some the heartburn is arriving early.

ZDNet reports that Amazon is resetting passwords for some users in the US and the UK:

A number of readers told ZDNet they received an email from Amazon saying the company has reset their account password. The message was also sent to their account message center on, and, confirming the message is genuine.

In the email, Amazon said it "recently discovered that your [Amazon] password may have been improperly stored on your device or transmitted to Amazon in a way that could potentially expose it to a third party."

It adds: "We have corrected the issue to prevent this exposure." The email said it has "no reason" to believe passwords were improperly disclosed to a third party but issued a temporary password out of an "abundance of caution."

This being 2015, we all know by now that it's SOP for companies to reset passwords in the case security breaches or even suspected security breaches. But it's impossible to say exactly why Amazon pressed the big red button; the retailer has not returned an email for comment.

Did you get the email?

If you did, may I direct your attention to the XKCD cartoon on passwords, and its advice that a longer password made up of words is both more secure than a short gibberish password and more easily remembered.

And while you're at it, you might want to also enable two-factor verification and gain an extra degree of security.


image by christiaan_008

About Nate Hoffelder (11467 Articles)
Nate Hoffelder is the founder and editor of The Digital Reader: "I've been into reading ebooks since forever, but I only got my first ereader in July 2007. Everything quickly spiraled out of control from there. Before I started this blog in January 2010 I covered ebooks, ebook readers, and digital publishing for about 2 years as a part of MobileRead Forums. It's a great community, and being a member is a joy. But I thought I could make something out of how I covered the news for MobileRead, so I started this blog."

3 Comments on Amazon is Resetting Some Account Passwords, Citing Possible Leaks

  1. Most websites now require a capital letter and a number.

  2. “Most websites now require a capital letter and a number.”
    Which is a fantastic way of reducing the security of a password. If I know you have a number and a capital letter in your password, then I have fewer combinations to try than if I didn’t know anything about it. Unfortunately, this is not something either of us can do anything about.

    And let’s not forget that length does not guarantee strength. Your complicated 100-letter password might coincidentally hash to the same value as an unrelated 5-letter password. But it’s still a good idea to make your password long. And as unique as you can manage.

    • @ SAD

      Indeed. But on the plus side, those two limitations can still be worked with. For example, if you use a company name, you know to capitalize it.

      The password systems that require a funky character are the greater issue. I would bet that the first 3 or 4 characters in the number keys are the most used for that purpose, and this lowers the security level considerably.

2 Trackbacks & Pingbacks

  1. Amazon Now Resetting Some Account Passwords Following a Security Breach? | The Digital Reader
  2. Amazon Has Reportedly Been Hacked, and Details on 84,000 Kindle Account May Have Been Stolen | The Digital Reader

Leave a comment

Your email address will not be published.