AMAZON RESETS CUSTOMERS’ PASSWORDS AFTER STOLEN CREDENTIALS FOUND ONLINE
Amazon has reset some of its customers’ passwords after it discovered their login credentials had been posted online.
The online retailer emailed affected users to inform them of the action after it discovered the stolen email addresses and passwords during “routine monitoring”.
“While the list was not Amazon-related, we know that many customers reuse their passwords on several websites,” it said in a message explaining the password reset.
“We believe your email address and password set was on that list. So we have taken the precaution of resetting your Amazon password. We apologise for any inconvenience this has caused but felt that it was necessary to help protect you and your Amazon account.”
It is unclear where Amazon found the credentials posted, how many accounts featured in the database or where they were actually stolen from in the first place.
The discovery of the list highlights the dangers of users reusing the same password on multiple sites, as if one is breached then hackers may have access to all their accounts.
As such, Amazon advised users to choose a password they have not used before on any other website or service following the reset in order to stay secure.
It is possible the data may have come from one of several recent mega-breaches.
Yahoo recently admitted that it suffered a data breach in late 2014 in which 500 million users’ account details were stolen. It blamed the incident on a state-sponsored actor.
Its agreed buyer, Verizon, reportedly asked for a $1 billion (£820 million) discount following the breach to account for the damage to the firm’s reputation.
Just weeks earlier, 43.5 million Last.fm account details were discovered online, which were later revealed to have been stolen during during a data breach in 2012.