Amazon buyers say they received a notice about an inappropriate disclosure of their email addresses,* but not through a hack or software vulnerability - rather, through an employee who allegedly disclosed information to a third-party seller in violation of Amazon's policies.
Posters on Reddit
said they received the following letter:
We are writing to let you know that your email address was disclosed by an Amazon employee to a third-party seller on our website in violation of our policies. As a result, the employee has been terminated and we are supporting law enforcement in their prosecution. The third-party seller has been blocked from selling on our website. No other information related to your account was shared.
This is not a result of anything you have done, and there is no need for you to take any action.
Amazon Customer Service
Amazon takes great care to prevent sellers from communicating directly with customers even after a purchase, to the frustration of sellers who wish to urge buyers to leave them feedback and product reviews, which can give them a competitive advantage that translates into greater sales revenue.
Last month, the Wall Street Journal reported that Amazon was allegedly investigating reports of bribery
used by sellers to obtain confidential data. It isn't clear if the latest incident is related to that report.
said Amazon did not provide it with details about the alleged incident, nor would it address whether the affected customers were customers of the seller.
A reader said in a comment to the Gizmodo story what some sellers may be thinking: "sellers should have had access to customer emails in the Amazon ecosystem."
It's worth noting that as eBay moves in the direction of becoming a payments intermediary, its sellers may find themselves similarly restricted.
*Updated 10/6/18 after receiving clarification from an Amazon spokesperson.