Amazon reset the passwords of some users’ accounts on Tuesday. ZDnet broke the news, reporting that Amazon had force-reset an unknown number of accounts after passwords may have been compromised.
Amazon has not responded to our request for more information about the incident.
A seller who was impacted posted the email they received from Amazon:
This is an important message from Amazon.co.uk.
At Amazon, we take your security and privacy very seriously. We recently discovered that your Amazon.co.uk password may have been improperly stored on your device or transmitted to Amazon in a way that could potentially expose it to a third party. We have corrected the issue to prevent this exposure. While we have no reason to believe your password was improperly disclosed to a third party, out of an abundance of caution, we have assigned a temporary password to your account. To regain access to your Amazon customer account please follow the below steps. We apologize for any inconvenience this has caused.
To regain access to your Amazon customer account:
1) Go to Amazon.co.uk and click the “Your Account” link at the top of our website.
2) Click the link that says “Forgot your password?”
3) Follow the instructions to set a new password for your account.
However, the seller said that after opening up Amazon Seller Central and re-setting the password, “now when I log in there is absolutely nothing in the account, no inventory, no orders, no buyer messages… nothing!”
They explained that they can view all of their previous orders after logging in to amazon.co.uk, but nothing is in their seller central account. “However. My items are still listed on amazon and I’m still getting emails from amazon telling me that FBA items have been shipped and that items have been sold and that I should log in to fulfil them. Obviously when I do this there are no items there. I opened a case but it was like the person who responded was answering someone elses question as it really didn’t make sense!?? HELP.”
After hours of other users trying to help and speculation that the email may have been fraudulent, an Amazon moderator came to the rescue. The seller then explained after receiving her instructions privately, they realized that they had two accounts under the same email address, which caused the problem when resetting their password.
Amazon seems not to have responded publicly about the password reset. The Seattle Times noted that the issue comes at an inopportune time for Amazon – “just days before the start of the busiest shopping season of the year.” But it quoted a security expert saying it was unlikely that Amazon’s system was breached.
Lars Harvey, CEO of IID told the newspaper, “Amazon probably realized that a mobile device or a third-party app that people use to access the online store was not storing or transmitting passwords securely.”