
Ask HN: Amazon “inadvertently disclosed your email address”? - zaroth
Received a very strange email just now (actually 11:08pm EST) which came from no-reply@amazon.com and Gmail says passes all DKIM and SPF.

The subject is:

Important Information about your Amazon.com Account

The entire body is as follows:

Hello,

We’re contacting you to let you know that our website inadvertently disclosed your email address due to a technical error. The issue has been fixed. This is not a result of anything you have done, and there is no need for you to change your password or take any other action.

Sincerely,
Customer Service
http://Amazon.com

—————

Has anyone else received something like this? The lack of any context, remediation, scope, etc. makes it almost seem like it was sent in error.
======
gjl7
Same here. Two BIG questions - Where was my info disclosed and for how long.
Nobody at Amazon knows. They know there was a problem and they fixed it. We're
supposed to believe that's it? Like me saying, "By the way, I smashed your car
but don't worry I got it fixed." Wouldn't you have questions that easily could
be answered by me? Not only does it suggest information cover-up, Amazon is
telling me to be like the other good sheep and let it go. While I realize most
people don't care about their privacy anymore, I do and want answers to some
simple questions that Scamazon refuses to answer.

~~~
heinzW
It’s very bizarre. The idea that we will accept such a thin response to
something like this is so crazy.

And the email says they disclosed my email address. Their agent said it was
email or name first, then changed that to email, or email and name...

------
TwoNineFive
I got one of these. It's authentic based on headers. I run my own mailservers.

I use a different mail address for my AWS stuff, so this is purely for my main
Amazon consumer shopping account.

------
heinzW
It’s genuine. The email arrived with me tonight also. Headers checked out ok.

Email read exactly as you say, but the story is actually that they leaked
email or email _and_ name. Of course nobody is gonna say how, when, volume of
customers affected etc. They don’t seem to know the scale or exactly what
happened in Customer Service.

------
DestinyD77
I received the exact same message, so I initiated a chat with Amazon to ask if
the email did indeed come from them and he said it did. He said it was only
the email address and no other information and assured me my account was safe
and secure. I was unable to find out to whom my email was disclosed.

------
ForeignEchelon
[https://www.google.com/amp/s/www.wsj.com/amp/articles/amazon...](https://www.google.com/amp/s/www.wsj.com/amp/articles/amazon-says-third-party-seller-got-some-customers-email-addresses-1538772883)

Same here

~~~
gjl7
That link refers to a totally different incident which occurred over 6 weeks
ago. They were quick with the info when they could pin it on an employee. Now
Scamazon is being closed lip for some hidden reason.

------
thanksfor
I received as well. This is really uninformative of Amazon. Are we just
supposed to be okay with this? Sure give out our info, no repercussions, and
thanks for being so clear and apologetic.

------
beezle
Got it as well and it does look legit. They really should be saying under what
circumstances the information was disclosed. Should I be preparing for an
onslaught of spam?

------
ActionScripter
I just got this as well, around 11 EST. It's oddly plain-looking, and the
capital A in Amazon.com is unique as well. Still, it appears to have come from
the correct domain.

------
metamonkey
Received the same message at 9:14 MTN. Contacted Amazon support and they
stated that it was sent by Amazon by default and there is nothing to worry
about.

~~~
heinzW
There is stuff to worry about - they disclosed NAMES AND EMAILS according to my
communications with them

------
_liz
Received the same text, and sent about same time (8:10 PST) as others. Does
seem like an error with the strange wording.

------
alex_young
I received one. It's strange that they don't say anything about how it
happened or who had access.

------
Kashall
So the headers and such indicate that it was indeed sent by Amazon, however no
one on Amazon support can verify this as it was also sent to the Security Team
according to their email response. There is no news at this point and it's most
likely to be in some tech articles tomorrow. Keep a look out and comment
anything you may find.

------
ForeignEchelon
Same email received. Found this article.

[https://www.google.com/amp/s/www.wsj.com/amp/articles/amazon...](https://www.google.com/amp/s/www.wsj.com/amp/articles/amazon-says-third-party-seller-got-some-customers-email-addresses-1538772883)

------
GayDingo
I got the same email. I complained to customer support and was given $5
credit.

------
punchcard
Received the same email at 23:57:10 EST, passed SPF, DKIM, and DMARC.

------
ahorsburgh
I received this same email on my gmail account at 12:06 AM EST.

------
nfrmn
Also received in UK 90 mins ago (9:57am GMT)

------
FatherBoard
Also received in Italy 3 hours ago.

------
masonic
Nothing here on either account.

------
SparkLan
Hit our Exchange servers at 11:40pm from amazonses.com. Looks legit. Pretty
widespread from what I can tell...

------
antirack
Received the same email. I am wondering if this is related to my shopping, or
the AWS servers I am using.

------
divinebaboon
I received mine at 12:42AM EST, weird looking email I gotta say, really
thought it was spam.

~~~
heinzW
Yes. ^^^ This!! ^^^ Bizarre how they think it’s ok because it was fixed.

------
Kashall
I just forwarded this to their spoof-whatever@amazon.com and I got a reply of:

Thank you for writing to Amazon.com to bring this to our attention.

Your message has been forwarded to our security department, and we will
investigate the situation. Please note that you may not receive a personal
response.

In all likelihood, the message you received was not sent to you by Amazon.com.
We strongly advise that you _not_ send any information about yourself back to
this individual (especially your credit card number or any personal
information).

<omitted for npc-based text (just repeats itself)>

Thank you again for taking the time to notify us of this situation.

