In the week of Black Friday, one of the busiest days of the shopping year, online retailing giant Amazon has reportedly begun forcibly resetting some users’ passwords over concerns about a password breach.
Some users received an email saying that their passwords had been reset, while others were notified through the site’s account message center, according to ZDNet. The email claimed that the company had “recently discovered that your [Amazon] password may have been improperly stored on your device or transmitted to Amazon in a way that could potentially expose it to a third party”.
The messages said that there was “no reason” to believe passwords had been disclosed to a third party, but the action was precautionary.
Other than what has been reported, there is little information on why Amazon has performed the reset and issued a warning to users. Speaking to Naked Security, Amazon’s press office said that there was no more information on the issue at the time of writing. If that changes, we will update this article.
Even if you haven’t received an alert from Amazon, out of an abundance of caution it’s worth considering resetting your password there and on any other account where you’ve used the same password (but you wouldn’t do that, would you?).
Remember the rule: one site, one password, and make sure you always pick a proper, secure one.
We reported last year that the average person has 19 passwords – and a third struggle to remember the stronger passwords. If you find it hard to remember them all, consider using a password manager to keep all your secure passwords in one place.
It always pays to be cautious about phishing messages, and there is a chance that attackers may pounce on this opportunity to get Amazon users to click on rogue email links. So make sure you don’t click on links in any unexpected emails – far better to go straight to the Amazon site and change your password there.
The breach reports follow news last week that Amazon is enabling two-step verification, allowing users to log in via a one-time password sent to their phone, or by using an authenticator app.
However, according to twofactorauth.org, many online retailers and other websites have a distinct lack of two-factor offerings.
If the sites you use offer any form of two-factor authentication, make sure you turn it on. It makes it a lot harder for any potential crook to get into your account, because they need a second level of authentication (such as a text message or app on your phone) as well as your login credentials.