Amazon.com informed some customers Wednesday that their names and email addresses had been “inadvertently disclosed” as a result of a “technical error” but declined to provide further details about the security incident.
The e-commerce giant confirmed it sent the messages, adding in a subsequent statement it had “fixed the issue.” It did not say how many of its users had been affected or where and how emails had been exposed. Amazon said only that its website and other systems had not been breached.
Amazon’s limited disclosure, days before the Black Friday and Cyber Monday holiday shopping frenzies, drew sharp criticism on social media. Among its own sellers, some took to the company’s forums to complain about Amazon’s tight-lipped handling of the matter. “Who knows what they’re not disclosing about this,” one user wrote. “Hopefully nothing …”
Others questioned Amazon after it told users there’s “no need for you to change your password or take any other action,” fearing the potential that hackers still might try to use their names and email addresses for nefarious purposes, including phishing scams.
In October, Amazon said it reportedly fired an employee who inappropriately shared customers’ emails with a third-party seller. The incident, which Amazon said it was working with law enforcement to investigate, similarly resulted in messages to customers indicating their email addresses had been exposed.