Amazon finds cache of reused passwords: change yours now!


Amazon has reset some customers’ passwords and asked them to change them, according to reports.

Amazon says that during “routine monitoring,” it stumbled on a set of email and password sets posted online.

Amazon isn’t the only online service to check for reused user credentials: both Facebook and Netflix prowl the internet looking for your username/password combos to show up in troves of leaked credentials.

From Amazon’s message, sent to an unknown number of customers:

While the list was not Amazon-related, we know that many customers reuse their passwords on several websites.

We believe your email address and password set was on that list. So we have taken the precaution of resetting your password.

We don’t know the size of the emails/passwords list that Amazon discovered. Nor do we know where, exactly, the credentials were found. All we know is that the drop spot wasn’t on anything Amazon-related.

There have been scads of breaches recently. The user credentials could have come from the recent LinkedIn breach, for example.

Other potential sources for the Amazon data set include the MySpace mega-breach, the Tumblr breach, or from the Yahoo breach of half a billion accounts.

With each breach comes an increased chance that a reused set of login details will be discovered and potentially used by crooks to gain access to any account set up with those details.

Amazon’s advice:

Please choose a new password and do not use the same password you used with us previously.

We also highly recommend that you choose a password that you are not using on any other sites. We look forward to seeing you again soon.

Hallelujah and amen to all that!

This is just one more example of why it’s such a bad idea to use a password twice. For more good reasons, here’s a detailed explanation of the dangers of password reuse.

So yes, please do as Amazon suggests and change your password, not just on Amazon but also on any other sites where you use the same login.

Make sure each online account has a different password, and make them all strong!