Amazon resets customers’ potentially compromised passwords
Has Amazon suffered a breach? We won’t know for sure until the company offers more information.
So far, we know only what users affected by the data theft/leak incident were told via email: “We recently discovered that your password may have been improperly stored on your device or transmitted to Amazon in a way that could potentially expose it to a third party. We have corrected the issue to prevent this exposure.”
According to ZDNet, the email said that the company does not believe that the compromised passwords were “improperly disclosed to a third party.”
Nevertheless, the company has forced a reset of the affected customers’ account passwords, just in case.
“The password reset is a sensible measure, even if it causes short-term nuisance. A future attack might be successful, as 100% security is impossible, but Amazon is reducing its vulnerability by proving that it can spot suspicious incidents and deal with them swiftly,” commented Mark Stollery, Managing Consultant, Enterprise and Cyber Security UK & I, Fujitsu.
“This move by Amazon should be highly commended because it’s a step further than just meeting standard security legislation, and instead they are actively going above and beyond to tackle an issue,” says David Kennerley, senior manager for threat research at Webroot.
“In general, best practice is to change your password around every three months, using different passwords for the different sites visited, but very few people actually do this, leaving their account at risk. Although it might prove unpopular at first amongst some Amazon customers, the initiative will only improve security. The move towards two-factor authentication is also a positive step, with Amazon following in the footsteps of sensitive industries such as banking. Between these two changes we are likely to see Amazon account holders’ personal details be far more secure.”