Amazon is Resetting Some Account Passwords, Citing Possible Leaks
Many consumers are going to have a bad holiday experience once the credit card bills arrive in January, but for some the heartburn is arriving early.
ZDNet reports that Amazon is resetting passwords for some users in the US and the UK:
A number of readers told ZDNet they received an email from Amazon saying the company has reset their account password. The message was also sent to their account message center on Amazon.com, and Amazon.co.uk, confirming the message is genuine.
In the email, Amazon said it "recently discovered that your [Amazon] password may have been improperly stored on your device or transmitted to Amazon in a way that could potentially expose it to a third party."
It adds: "We have corrected the issue to prevent this exposure." The email said it has "no reason" to believe passwords were improperly disclosed to a third party but issued a temporary password out of an "abundance of caution."
This being 2015, we all know by now that it’s SOP for companies to reset passwords in the case security breaches or even suspected security breaches. But it’s impossible to say exactly why Amazon pressed the big red button; the retailer has not returned an email for comment.
Did you get the email?
If you did, may I direct your attention to the XKCD cartoon on passwords, and its advice that a longer password made up of words is both more secure than a short gibberish password and more easily remembered.
And while you’re at it, you might want to also enable two-factor verification and gain an extra degree of security.
image by christiaan_008
Comments
Fbone November 24, 2015 um 12:38 pm
Most websites now require a capital letter and a number.
SAD November 24, 2015 um 2:53 pm
"Most websites now require a capital letter and a number."
Which is a fantastic way of reducing the security of a password. If I know you have a number and a capital letter in your password, then I have fewer combinations to try than if I didn’t know anything about it. Unfortunately, this is not something either of us can do anything about.
And let’s not forget that length does not guarantee strength. Your complicated 100-letter password might coincidentally hash to the same value as an unrelated 5-letter password. But it’s still a good idea to make your password long. And as unique as you can manage.
Nate Hoffelder November 24, 2015 um 3:01 pm
@ SAD
Indeed. But on the plus side, those two limitations can still be worked with. For example, if you use a company name, you know to capitalize it.
The password systems that require a funky character are the greater issue. I would bet that the first 3 or 4 characters in the number keys are the most used for that purpose, and this lowers the security level considerably.
Amazon Now Resetting Some Account Passwords Following a Security Breach? | The Digital Reader March 14, 2016 um 9:12 am
[…] about four months ago when Amazon was resetting account passwords for some users in the US and […]
Amazon Has Reportedly Been Hacked, and Details on 84,000 Kindle Account May Have Been Stolen | The Digital Reader July 12, 2016 um 12:37 pm
[…] security breaches. Those password resets have made the news back in March, and in November of last year. Amazon has in fact been sending emails to users with news of password resets since 2011, and I […]