
E-mails from Amazon regarding user's e-mails being disclosed - hateful
https://sellercentral.amazon.com/forums/t/nice-we-re-contacting-you-to-let-you-know-that-our-website-inadvertently-disclosed-your-email-address-due-to-a-technical-error/429577/38
======
elithrar
This was one of the poorest emails I’ve received about a breach. I had to
triple check it wasn’t an odd phishing attempt.

The email, in full:

—— Hello,

We’re contacting you to let you know that our website inadvertently disclosed
your email address due to a technical error. The issue has been fixed. This is
not a result of anything you have done, and there is no need for you to change
your password or take any other action.

Sincerely, Customer Service [http://Amazon.com](http://Amazon.com) ——

No template; not addressed to me; no details. Capitalized domain name.

The email is checking the “we have to notify” box and not an inch more.

~~~
robohoe
I too was perplexed to see "http://Amazon.com" instead
of "https://" in this day and age...

------
PuffinBlue
I received one of these emails. It does appear to genuinely be from Amazon.

The interesting thing to me is that some people seem to have received the
email from no-reply@amazon.com. I received it from order-update@amazon.co.uk

Perhaps that's just due to being on a different TLD but seems interesting to me
that I should receive one from the order-update@amazon.co.uk address.

no-reply@amazon.co.uk exists and would seem like the better email to send out
such a notice from. I'm curious why they'd use the order update email system.

Maybe the name and email was revealed as part of a mis-configured ordering
process? Perhaps revealed to sellers and not a 'breach' in the traditional
sense?

~~~
arooaroo
I got one from order-update@amazon.co.uk too. Looked genuine -- didn't seem to
be fishing for anything. However, the complete lack of information bothered me
a lot.

------
garysahota93
This makes me very sad. You'd think a company with so many employees and SO
much of our data could do a better job at the very least telling us what
happened in a decent way. I get that data leaks happen. It's unfortunate, but
with so many people and so many complex systems, I'm not mad. But it's
absolutely unacceptable to send such a poorly worded email.

~~~
ProAm
> You'd think a company with so many employees and SO much of our data could
> do a better job at the very least telling us what happened in a decent way

You are not their primary concern or interest. Market share and margins are.
You are 100% replaceable within seconds on their platform.

~~~
ghthor
This is the unfortunate truth. You have to stand up for yourself and own your
own data. I like to hope that over the next few years we are reigniting the
technologically literate into self-hosting and providing small hosting
services for their less technologically literate connections. I think the
secret to making this happen is through PKI educational initiatives and
simpler access to administration automation. I live in NYC, and my wild
imagination sees a world where each building has a technically literate
"supervisor" that is making a stable profit off hosting the basics for
tenants. It's a pipe dream I know, but that's not going to stop me taking what
steps I can to make that happen.

------
guitarbill
Counterpoint: I haven't got one, despite using both the UK and US Amazon
website regularly. So it remains to be seen what happened, and if Amazon is to
blame.

Edit: Asked around, so far, none of my friends and family who use the UK site
exclusively have gotten an email.

Could also be phishing gone wrong? Because what better time to do it than
close to Black Friday?

~~~
caymanjim
It looks like it has something to do with being a _seller_ on Amazon. Had the
email been sent by someone with a clue, it would have been explicit. Instead
everyone is just speculating (including me).

~~~
guitarbill
I didn't get that from the thread title ("user's e-mails") or the Register
article [0] which says:

> Amazon's UK press office acknowledged that the email was genuine, saying
> only: "We have fixed the issue and informed customers who may have been
> impacted."

and

> [...] this is not a breach in the sense of a hack while maintaining that the
> snafu is an inadvertent technical error and that they emailed customers from
> an abundance of caution.

Looks like they've ballsed up the incident response quite badly, and seems to
be Amazon's fault.

[0] https://www.theregister.co.uk/2018/11/21/amazon_data_breach/

------
Holybeds
I guess that prevent-public-bucket feature they released last week can come in
handy.

