Amazon Resets Passwords For Some Accounts Following Possible Security Breach

Some Amazon shoppers report having received an email from the online retailer to let them know that their passwords have been reset. Usually that's cause for concern, such as a security breach -- something that's become all too common as of late -- but in this case Amazon says it's simply being cautious.

If that's the case, why make a password change mandatory and limit the change to only a certain number of online shoppers? According to Amazon, certain devices (we assume mobile) store passwords in such a way that they're at risk of being hijacked.

Amazon Fulfillment

The email states that Amazon "recently discovered that your password may have been improperly stored on your device or transmitted to Amazon in a way that could potentially expose it to a third party." Amazon goes on to state that it "corrected the issue to prevent exposure" by issuing a temporary password.

Knowing that some users are going to be understandably skeptical, Amazon made it a point to say that there's nothing to suggest anyone's password was stolen or compromised, and that it's simply issuing temporary passwords to certain users out of an "abundance of caution." Or put another way, everything's fine, but your device isn't handling your password correctly so you have to change it.

This isn't unprecedented -- Amazon and other online outfits have forced a password change out of caution before. What's unusual in this case is blaming the mandatory change on insecure devices without taking any steps to correct the underlying cause. If a particular mobile device is mishandling passwords, changing the password is only a temporary band-aid, not a solution.

Via:  ZDNet
Show comments blog comments powered by Disqus