Skip to main content

Amazon Now Resetting Some Account Passwords?

20607701226_d5ed9711ae_hRemember about four months ago when Amazon was resetting account passwords for some users in the US and UK?

They’ve started doing it again. Over the weekend a member of MobileRead Forums reported that they received this email from Amazon:

Hello,

At Amazon we take your security and privacy very seriously. As part of our routine monitoring, we discovered a list of email address and password sets posted online. While the list was not Amazon-related, we know that many customers reuse their passwords on several websites. We believe your email address and password set was on that list. For your security, we have assigned a temporary password to your account.

You will need to reset your password when you return to the Amazon.com site. To reset your password, click "Your Account" at the top of any page on Amazon.com. On the Sign In page, click the "Forgot your password?" link to reach the Amazon.com Password Assistance page. After you enter your email or mobile phone number, you will receive an email containing a personalized link. Click the link from the email and follow the directions provided.

Your new password will be effective immediately. We recommend that you choose a password that you have never used with any website.

Sincerely,
Amazon.com

That email is similar to the one Amazon back in November 2015, and in fact similar emails date back as far as June 2011. I found a copy of that earlier email in a four-month-old Reddit thread, and both emails say basically the same thing.

It’s not clear whether Amazon found another security issue, the same one cropped up again, if Amazon is simply recycling the email text whenever they want you to reset your password, or if some scammer copied that earlier email for a new phishing attempt.

In any case, if you get one of these emails you should take it seriously, and follow the appropriate steps:

  1. Do not respond to the email, and do not click any links in the email.
  2. Instead, open a new browser tab and visit Amazon.com to reset your password.

Scammers sometimes use this type of email to trick the unwary into handing over their login info, which is why you shouldn’t click a link in or respond to the email itself.

In fact, that’s exactly what might be happening here. This email was reportedly sent to an address not associated with an Amazon account, which suggests that this email did not come from Amazon.

But the email did not have any outbound links, so it’s not clear what a scammer would gain.

I haven’t gotten the email, so I can’t comment first hand, but if I had would indeed take the steps to change my password from "Passw0rd" to "Pa55w0rd".

Better safe than sorry.

image by christiaan_008

Similar Articles


Comments


2 – Amazon Now Resetting Some Account Passwords Following a Security Breach? March 14, 2016 um 9:46 am

[…] Read more here:https://the-digital-reader.com/2016/03/14/amazon-now-resetting/ […]


S. J. Pajonas March 14, 2016 um 11:55 am

I went and reset my password after examining the email thoroughly. All the outbound links in the email were to Amazon.com (no spoofing or redirects), it was sent to my amazon email address, AND all the headers in the email indicated it was truly sent by Amazon.


Shari March 14, 2016 um 7:26 pm

Interesting, because the email that was sent to me was NOT sent to the email address that is tied to my Amazon account.

Shari


Did Amazon have a security breach? Probably not | SkyNet Chronicles March 15, 2016 um 3:00 am

[…] The Digital Reader points out that “It’s not clear whether Amazon found another security issue, the same one cropped up again, if Amazon is simply recycling the email text whenever they want you to reset your password, or if some scammer copied that earlier email for a new phishing attempt”. […]


RA Hively April 24, 2016 um 3:52 am

It just happened to me (April 24, 2016) I was PO’ed. If Amazon has discovered a hackers "list" users and their passwords ("but not on our site!") they need to get it out to all news channels. Then I googled and found it is a form letter that has been used for several years by Amazon. So’s I went to my Amazon account. Sure enough, locked out. So’s I did the password reset. Pretty low life scum bag way to get me to change my password. Enough with the fearmongering. I may get so fearful I’ll just quit using Amazon entirely.


Amazon Has Reportedly Been Hacked, and Details on 84,000 Kindle Account May Have Been Stolen | The Digital Reader July 12, 2016 um 10:31 am

[…] reset user passwords following possible security breaches. Those password resets have made the news back in March, and in November of last year. Amazon has in fact been sending emails to users with news of […]


Write a Comment