Startling email from Amazon 7


Data Protection imageWith all the phishing attempts that come through my email accounts on a fairly frequent basis, I had to do a double take when this legitimate warning from Amazon.com came through in the early morning hours of February 19, 2016.

The title of the email was “Your Amazon password has been changed”, which sends up the phishing red flag right away.

However, the content of the email and the fact that it didn’t ask me to log in via any provided links or reply back with any information made me believe that it might be legit.  After some searching, I was able to verify that this was indeed a legitimate email from Amazon.

Here is the exact email for your information:

Hello,

At Amazon we take your security and privacy very seriously. As part of our routine
monitoring, we discovered a list of email address and password sets posted online. While
the list was not Amazon-related, we know that many customers reuse their passwords on
several websites. We believe your email address and password set was on that list. For your
security, we have assigned a temporary password to your account.

You will need to reset your password when you return to the Amazon.com site. To reset your
password, click “Your Account” at the top of any page on Amazon.com. On the Sign In page,
click the “Forgot your password?” link to reach the Amazon.com Password Assistance page.
After you enter your email or mobile phone number, you will receive an email containing a
personalized link. Click the link from the email and follow the directions provided.

Your new password will be effective immediately. We recommend that you choose a password
that you have never used with any website.

Sincerely,

Amazon.com
http://www.amazon.com

After satisfying my curiosity on the legitimacy, I then went to Amazon.com (typing the url into my browser) and sure enough, when I went to log in, I was told that the username/password I had entered did not match.

So, I simply followed the instructions by clicking the “Forgot your password?” link and set up a brand new password.

Although I wish I could have the exact location where Amazon allegedly found my compromised info on a list, I didn’t bother asking because I have a strong feeling that is not information they would be willing to share for security reasons.

My curiosity not satisfied, I decided to do some quick research to see if I could actually track down more information on whether my email was compromised and how.

I quickly came across an article on Forbes titled These Sites Tell Which Of Your Accounts Have Been Hacked written in April 2014 which recommends a couple sites.

I decided to give the first site mentioned a try. That site is haveibeenpwned.com and here are the results I received when entering my Yahoo address that was linked to my Amazon account.

Email Account Compromised image

So it looks like my email info was compromised at the very least back in October of 2013 when 153 million Adobe accounts were breached. If this is the only compromise, I have changed my passwords several times since then and hopefully there are no more current breaches out there with my account info hanging in limbo.

Man, I hate hate hate hate hate HATE hackers. As if we don’t all have enough to worry about in this world.

The other sites the Forbes article referenced are PwnedList and Shouldichangemypassword.com which is now called breachalarm.com

The article and sites mentioned are worth a look.

Feel free to let me know if your info has been compromised and how(if you know).

Stay safe out there.

Leave a Reply

7 Comments on "Startling email from Amazon"

Notify of
avatar
Suz
Guest
Recently found out an old inactive Amazon login was accessed and digital purchases made using their store card that was associated with account. If the bank didn’t call to ask for payment I wouldn’t have known of the fraudulent charges. Old login was setup with an email address I never use. Called the bank, Synchrony, advising them I never made purchases. Called Amazon, EquiFax, FTC, etc. Too late! My credit score went down 112 just… Read more »
Cerri
Guest

I too have just revived the same email quickly log on to find I couldn’t panicked stricken isn’t the word.
Spoke to a customer service rep jeeeeee wizzz extremley hard work I’ve quickly deleted my cards as I got no further when asked have orders been purchased without me knowing may as well talked to the brick wall not a clue or chose not to disclose the flaw in there company

Melissa
Guest

I just got the same email today and found your blog as I search for more information. I find Amazons reaction somewhat frustrating. I am getting the email more than a month after yours arrived.
Thanks so much for the valuable information. Glad to meet you!

wpDiscuz