Amazon Now Resetting Some Account Passwords?

Amazon Now Resetting Some Account Passwords? Amazon Security & Privacy Remember about four months ago when Amazon was resetting account passwords for some users in the US and UK?

They've started doing it again. Over the weekend a member of MobileRead Forums reported that they received this email from Amazon:

Hello,

At Amazon we take your security and privacy very seriously. As part of our routine monitoring, we discovered a list of email address and password sets posted online. While the list was not Amazon-related, we know that many customers reuse their passwords on several websites. We believe your email address and password set was on that list. For your security, we have assigned a temporary password to your account.

You will need to reset your password when you return to the Amazon.com site. To reset your password, click "Your Account" at the top of any page on Amazon.com. On the Sign In page, click the "Forgot your password?" link to reach the Amazon.com Password Assistance page. After you enter your email or mobile phone number, you will receive an email containing a personalized link. Click the link from the email and follow the directions provided.

Your new password will be effective immediately. We recommend that you choose a password that you have never used with any website.

Sincerely,
Amazon.com

That email is similar to the one Amazon back in November 2015, and in fact similar emails date back as far as June 2011. I found a copy of that earlier email in a four-month-old Reddit thread, and both emails say basically the same thing.

It's not clear whether Amazon found another security issue, the same one cropped up again, if Amazon is simply recycling the email text whenever they want you to reset your password, or if some scammer copied that earlier email for a new phishing attempt.

In any case, if you get one of these emails you should take it seriously, and follow the appropriate steps:

  1. Do not respond to the email, and do not click any links in the email.
  2. Instead, open a new browser tab and visit Amazon.com to reset your password.

Scammers sometimes use this type of email to trick the unwary into handing over their login info, which is why you shouldn't click a link in or respond to the email itself.

In fact, that's exactly what might be happening here. This email was reportedly sent to an address not associated with an Amazon account, which suggests that this email did not come from Amazon.

But the email did not have any outbound links, so it's not clear what a scammer would gain.

I haven't gotten the email, so I can't comment first hand, but if I had would indeed take the steps to change my password from "Passw0rd" to "Pa55w0rd".

Better safe than sorry.

image by christiaan_008

Nate Hoffelder

View posts by Nate Hoffelder
Nate Hoffelder is the founder and editor of The Digital Reader: He's here to chew bubble gum and fix broken websites, and he is all out of bubble gum. He has been blogging about indie authors since 2010 while learning new tech skills at the drop of a hat. He fixes author sites, and shares what he learns on The Digital Reader's blog. In his spare time, he fosters dogs for A Forever Home, a local rescue group.

6 Comments

  1. 2 – Amazon Now Resetting Some Account Passwords Following a Security Breach?14 March, 2016
    Reply
  2. S. J. Pajonas14 March, 2016

    I went and reset my password after examining the email thoroughly. All the outbound links in the email were to Amazon.com (no spoofing or redirects), it was sent to my amazon email address, AND all the headers in the email indicated it was truly sent by Amazon.

    Reply
  3. Shari14 March, 2016

    Interesting, because the email that was sent to me was NOT sent to the email address that is tied to my Amazon account.

    Shari

    Reply
  4. […] The Digital Reader points out that “It’s not clear whether Amazon found another security issue, the same one cropped up again, if Amazon is simply recycling the email text whenever they want you to reset your password, or if some scammer copied that earlier email for a new phishing attempt”. […]

    Reply
  5. RA Hively24 April, 2016

    It just happened to me (April 24, 2016) I was PO’ed. If Amazon has discovered a hackers “list” users and their passwords (“but not on our site!”) they need to get it out to all news channels. Then I googled and found it is a form letter that has been used for several years by Amazon. So’s I went to my Amazon account. Sure enough, locked out. So’s I did the password reset. Pretty low life scum bag way to get me to change my password. Enough with the fearmongering. I may get so fearful I’ll just quit using Amazon entirely.

    Reply
  6. […] reset user passwords following possible security breaches. Those password resets have made the news back in March, and in November of last year. Amazon has in fact been sending emails to users with news of […]

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to top