With Christmas tree stands popping up around the country and people getting into the holiday spirit, it’s high time for some online crime. Enter the latest news from the hinterlands of our collective data insecurity: Amazon.com experienced a data breach just two days before Black Friday.
It could have been worse, but that’s not to say there’s nothing to see here. What happened: The names and email addresses of customers were temporarily posted to the company’s website. Email addresses are a big part of the hacker’s social engineering strategies, with phishing attacks continuing to pose a viable attack vector. That means the news is important.
Amazon was characteristically tight-lipped about the number of customer affected and the cause of the breach, which it blamed on a “technical error.”
The breach itself is presumed to have occured recently, and reported in accordance within the timeframe stipulated in European Union’s GDPR legislation. Amazon sent an email to the affected customers, informing them that details of their personal data had been compromised, stating:
“We’re contacting you to let you know that our website inadvertently disclosed your name and email address due to a technical error. The issue has been fixed. This is not a result of anything you have done, and there is no need for you to change your password or take any other action.”
Among the affected Amazon.com customers was cybersecurity expert Graham Cluley, who brought attention to both the breach and the relative lack of details disclosed.
Read more about the story here.