Customers have stated they’re receiving emails from Amazon containing invoices and order updates on different prospects, TechCrunch has discovered.
Jake Williams, founding father of cybersecurity agency Rendition Infosec, raised the alarm after he acquired an e mail from Amazon addressed to a different buyer with their title, postal tackle and their order particulars.
Williams stated he ordered one thing months in the past which just lately turned out there for transport. He checked the e-mail headers to verify it was a real message.
“I feel they legitimately meant to e mail me a notification that my merchandise was transport early,” he stated. “I simply suppose they screwed one thing up within the system and despatched the updates to the incorrect individuals.”
He stated the obvious safety lapse was worrying as a result of emails about orders despatched to the incorrect place is a “critical breach of belief” that may reveal personal details about a buyer’s life, akin to sexual orientation, proclivities or different private info
A number of different Amazon prospects additionally stated they acquired emails seemingly meant for different individuals.
“I made an order yesterday afternoon and acquired her e mail final night time,” one other buyer who tweeted in regards to the mishap informed TechCrunch. “Fortunately I’m not a malicious particular person however that’s an enormous safety challenge,” she stated.
One other buyer tweeted out about receiving an e mail meant for another person. He stated he spoke to Amazon customer support, which stated they’ll examine further safety points.
“Hope you didn’t ship my delicate account data to another person,” he added.
And, one different buyer posted a tweet thread in regards to the challenge, saying they spoke to a supervisor in regards to the challenge who gave a “nonchalant” response, she wrote. She stated the supervisor stated the problem occurs often.
Cecilia Fan, a spokesperson for Amazon, stated: “On account of a technical challenge, some prospects had been inadvertently despatched a Supply Estimate Replace e mail not meant for them. Now we have mounted the technical challenge and are informing impacted prospects.”
It’s the second safety lapse in a yr. In November the corporate emailed prospects saying a “technical error” had uncovered an unknown variety of their e mail addresses. When requested about specifics, the notoriously secretive firm declined to remark additional.
Up to date with Amazon remark.