There's a rumor going around that some Amazon customers have been getting emails from the retail giant saying some of their information (the email account they created their account with) had been leaked due to a "technical error."
The number of emails that were leaked hasn't been released and no light has been shed on what exactly the technical error was either . Both CSO Online and ZDNet have covered the story. It'd be a pretty big deal considering Amazon's size and this leaks proximity to both Black Friday and Cyber Monday, the two biggest shopping days of the year.The problem here? The story going around doesn't seem to be true what's going on. It looks like the story stems from something that happened back in October. It doesn't look like the breach wasn't necessarily the result of a hack or the exploitation of a technical error but more likely a few Amazon employees that were bribed to share the information with a third-party.
The Wall Street Journal did a nice piece on what happened (that you can read here) and it seems like it might just be that its taken Amazon this long to figure out exactly what happened, what names/accounts were leaked and how to respond to it once they realized no one was actually at risk.
It doesn't help the example email that's been going around looks like a phishing attack. While odd it might just be bad form on Amazon's part.
If anything this is a nice reminder that breach like this can happen to anybody and how important it is to give access to sensitive information only to those qualified/trustworthy enough to handle it.
Identity and Access Management-as-a-Service is very important. We've talked about it before here, here and here.
It's not a fool proof solution, no security solution is. But it helps.