Amazon is Resetting Some Account Passwords, Citing Possible Leaks

Many consumers are going to have a bad holiday experience once the credit card bills arrive in January, but for some the heartburn is arriving early.

ZDNet reports that Amazon is resetting passwords for some users in the US and the UK:

A number of readers told ZDNet they received an email from Amazon saying the company has reset their account password. The message was also sent to their account message center on Amazon.com, and Amazon.co.uk, confirming the message is genuine.

In the email, Amazon said it "recently discovered that your [Amazon] password may have been improperly stored on your device or transmitted to Amazon in a way that could potentially expose it to a third party."

It adds: "We have corrected the issue to prevent this exposure." The email said it has "no reason" to believe passwords were improperly disclosed to a third party but issued a temporary password out of an "abundance of caution."

This being 2015, we all know by now that it's SOP for companies to reset passwords in the case of security breaches or even suspected security breaches. But it's impossible to say exactly why Amazon pressed the big red button; the retailer has not returned an email for comment.

Did you get the email?

If you did, may I direct your attention to the XKCD cartoon on passwords, and its advice that a longer password made up of words is both more secure than a short gibberish password and more easily remembered.

And while you're at it, you might want to also enable two-factor verification and gain an extra degree of security.


image by christiaan_008

Nate Hoffelder

Nate Hoffelder is the founder and editor of The Digital Reader: He's here to chew bubble gum and fix broken websites, and he is all out of bubble gum. He has been blogging about indie authors since 2010 while learning new tech skills at the drop of a hat. He fixes author sites, and shares what he learns on The Digital Reader's blog. In his spare time, he fosters dogs for A Forever Home, a local rescue group.

5 Comments

  1. Fbone 24 November, 2015

    Most websites now require a capital letter and a number.

  2. SAD 24 November, 2015

    “Most websites now require a capital letter and a number.”
    Which is a fantastic way of reducing the security of a password. If I know you have a number and a capital letter in your password, then I have fewer combinations to try than if I didn’t know anything about it. Unfortunately, this is not something either of us can do anything about.

    And let’s not forget that length does not guarantee strength. Your complicated 100-letter password might coincidentally hash to the same value as an unrelated 5-letter password. But it’s still a good idea to make your password long. And as unique as you can manage.

    1. Nate Hoffelder 24 November, 2015

      @ SAD

      Indeed. But on the plus side, those two limitations can still be worked with. For example, if you use a company name, you know to capitalize it.

      The password systems that require a funky character are the greater issue. I would bet that the first 3 or 4 characters in the number keys are the most used for that purpose, and this lowers the security level considerably.

  3. […] about four months ago when Amazon was resetting account passwords for some users in the US and […]

  4. […] security breaches. Those password resets have made the news back in March, and in November of last year. Amazon has in fact been sending emails to users with news of password resets since 2011, and I […]
