The holiday shopping season is not the ideal time to be alerted to a potential shopping security issue.
A number of people received an email from the company that said Amazon “recently discovered that your [Amazon] password may have been improperly stored on your device or transmitted to Amazon in a way that could potentially expose it to a third party … We have corrected the issue to prevent this exposure.”
Amazon has not said whether the password reset was caused by a security breach, but did say the reset was simply a cautionary measure to prevent any data from being compromised. We reached out to Amazon for comment and will update when we hear back.
The password force-reset comes on the heels of the company rolling out two-factor authentication earlier this month. Now accounts can be even more secure by requiring more than just a password. Once you sign up for two-factor authentication, you’ll be required to enter a separate code sent to your smartphone to access your account.
We’ve provided step-by-step instructions on how to get two-factor authentication on Amazon.
Amazon’s emails were sent to both users’ personal inboxes and message centers on Amazon.com, legitimizing the contact from the company. But it’s important to be vigilant, especially during the holiday season when you’re doing a lot of online shopping, as to the emails you receive from online retailers. Last year, an “order confirmation” phishing scam was distributing malware under by posing as online shopping services.
It’s unclear how many accounts were affected, but Amazon’s precautionary password reset serves as a good reminder to update to two-factor login before you start snatching up all those Black Friday deals.
Illustration by Max Fleishman