<div dir="ltr"><div dir="ltr"><div><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><a href="https://www.theregister.co.uk/2018/11/21/amazon_data_breach/">https://www.theregister.co.uk/2018/11/21/amazon_data_breach/</a><br><br>H/T to InfoWarrior for sharing the news - thank you!</div><div dir="ltr"><br></div><div dir="ltr"><p style="margin-top:0px;color:rgb(0,0,0);font-family:Arimo,Arial,FreeSans,Helvetica,sans-serif;font-size:16px"><strong class="gmail-trailer">Updated</strong> Amazon has suffered a data snafu just days before Black Friday – and the company was tight-lipped about whether it had notified the British data protection authorities.</p><p style="color:rgb(0,0,0);font-family:Arimo,Arial,FreeSans,Helvetica,sans-serif;font-size:16px">Multiple <i>Register</i> readers forwarded us emails sent from Amazon's UK tentacle informing them that the online sales site had "inadvertently disclosed [their] name and email address due to a technical error".</p><p style="color:rgb(0,0,0);font-family:Arimo,Arial,FreeSans,Helvetica,sans-serif;font-size:16px">The email from Amazon, which included an HTTP link to its website at the end, read:</p><div class="gmail-blockextract" style="border-left:6px solid black;padding-left:1em;font-weight:bold;margin:1.7em 0px;color:rgb(0,0,0);font-family:Arimo,Arial,FreeSans,Helvetica,sans-serif;font-size:16px"><p style="margin-top:0px">Hello,</p><p>We’re contacting you to let you know that our website inadvertently disclosed your name and email address due to a technical error. The issue has been fixed. This is not a result of anything you have done, and there is no need for you to change your password or take any other action.</p><p>Sincerely, Customer Service</p></div><div class="gmail-CaptionedImage gmail-Center gmail-Border" style="text-align:center;color:rgb(0,0,0);font-family:Arimo,Arial,FreeSans,Helvetica,sans-serif;font-size:16px"><img src="https://regmedia.co.uk/2018/11/21/amazon_breach_email.png" alt="Amazon breach email, as seen by a reader" title="Amazon breach email, as seen by a reader" height="237" width="518" style="border: 1px solid rgb(238, 238, 238); max-width: 100%; height: auto;"></div><p style="color:rgb(0,0,0);font-family:Arimo,Arial,FreeSans,Helvetica,sans-serif;font-size:16px">Amazon's UK press office acknowledged that the email was genuine, saying only: "We have fixed the issue and informed customers who may have been impacted."</p><p style="color:rgb(0,0,0);font-family:Arimo,Arial,FreeSans,Helvetica,sans-serif;font-size:16px">The company did not answer our questions as to how many customers had been affected, whether it had informed the Information Commissioner's Office, what the cause of the breach was or how or when it had been spotted.</p><p style="color:rgb(0,0,0);font-family:Arimo,Arial,FreeSans,Helvetica,sans-serif;font-size:16px">The ICO acknowledged our phone call seeking comment but has yet to get back to us.</p><p style="color:rgb(0,0,0);font-family:Arimo,Arial,FreeSans,Helvetica,sans-serif;font-size:16px">Meanwhile, out in the badlands of Twitter, people from across the world were wondering whether they'd been spammed or whether the email was genuine:</p><span class="gmail-twitter-tweet gmail-twitter-tweet-rendered" id="gmail-twitter-widget-0" style="color:rgb(0,0,0);font-family:Arimo,Arial,FreeSans,Helvetica,sans-serif;font-size:16px;display:block;max-width:100%;width:500px;min-width:220px;margin-top:10px;margin-bottom:10px"><div class="gmail-SandboxRoot env-bp-350" style="max-height:10000px;direction:ltr;background:0px 0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:1.4;font-family:Helvetica,Roboto,"Segoe UI",Calibri,sans-serif;color:rgb(28,32,34);white-space:initial"><div class="gmail-EmbeddedTweet gmail-EmbeddedTweet--cta gmail-EmbeddedTweet--mediaForward gmail-media-forward gmail-js-clickToOpenTarget gmail-js-tweetIdInfo gmail-tweet-InformationCircle-widgetParent" id="gmail-twitter-widget-0" lang="en" style="overflow:hidden;border:0px;border-radius:5px;max-width:520px"><div class="gmail-MediaCard-media" style="width:500px;overflow:hidden;background-color:rgb(245,248,250)"><a class="gmail-MediaCard-borderOverlay" href="https://twitter.com/ReanimationXP/status/1065124107035889664/photo/1" tabindex="-1" title="View image on Twitter" style="background-color:transparent;color:rgb(43,123,185);text-decoration-line:none;width:500px;height:179.797px;border:1px solid rgba(225,232,237,0.75);border-radius:4px 4px 0px 0px;box-sizing:border-box;outline:0px"><span class="gmail-u-hiddenVisually" style="overflow:hidden;width:1px;height:1px;padding:0px;border:0px">View image on Twitter</span></a><div class="gmail-MediaCard-widthConstraint gmail-js-cspForcedStyle" style="max-width:837px;margin:0px auto"><div class="gmail-MediaCard-mediaContainer gmail-js-cspForcedStyle" style="padding-bottom:179.797px"><a href="https://twitter.com/ReanimationXP/status/1065124107035889664/photo/1" class="gmail-MediaCard-mediaAsset gmail-NaturalImage" style="background-color:rgb(255,255,255);color:rgb(43,123,185);text-decoration-line:none;display:block;width:500px;height:179.797px;line-height:0;outline:0px"><img class="gmail-NaturalImage-image" width="837" height="301" title="View image on Twitter" alt="View image on Twitter" src="https://pbs.twimg.com/media/DsgUkaYVAAA5y-4?format=jpg&name=medium" style="border: 0px; max-width: 100%; line-height: 0; height: auto;"></a></div></div></div><div class="gmail-EmbeddedTweet-tweetContainer"><div class="gmail-EmbeddedTweet-tweet" style="padding:14.4px 20px 10px;border-style:solid solid none;border-top-color:rgb(225,232,237);border-right-color:rgb(225,232,237);border-bottom-color:initial;border-left-color:rgb(225,232,237);border-top-width:0px;border-right-width:1px;border-bottom-width:initial;border-left-width:1px;border-radius:0px"><blockquote class="gmail-Tweet gmail-h-entry gmail-js-tweetIdInfo gmail-subject expanded" cite="https://twitter.com/ReanimationXP/status/1065124107035889664" style="margin:0px;padding:0px;list-style:none;border:none"><div class="gmail-Tweet-header" style="display:flex"><a class="gmail-TweetAuthor-avatar gmail-Identity-avatar gmail-u-linkBlend" href="https://twitter.com/ReanimationXP" style="background-color:transparent;color:inherit;text-decoration:inherit;height:36px;margin-right:9px;outline:0px;font-weight:inherit"><img class="gmail-Avatar" alt="" src="https://pbs.twimg.com/profile_images/1054445021422702593/EnRvQAHq_bigger.jpg" style="border: 0px; max-width: 100%; max-height: 100%; border-radius: 50%;"></a><div class="gmail-TweetAuthor gmail-js-inViewportScribingTarget" style="display:flex;overflow:hidden"><a class="gmail-TweetAuthor-link gmail-Identity gmail-u-linkBlend" href="https://twitter.com/ReanimationXP" style="background-color:transparent;color:inherit;text-decoration:inherit;display:flex;outline:0px;font-weight:inherit"><div class="gmail-TweetAuthor-nameScreenNameContainer" style="display:flex;line-height:1.2;min-width:0px"><span class="gmail-TweetAuthor-decoratedName" style="display:flex;min-width:0px"><span class="gmail-TweetAuthor-name gmail-Identity-name gmail-customisable-highlight" title="Drew Alden - Looking for Work!" style="font-weight:700;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;padding-right:4px">Drew Alden - Looking for Work!</span></span><span class="gmail-TweetAuthor-screenName gmail-Identity-screenName" title="@ReanimationXP" dir="ltr" style="color:rgb(105,120,130);font-size:14px;overflow:hidden;text-overflow:ellipsis;white-space:nowrap">@ReanimationXP</span></div></a></div><div class="gmail-Tweet-brand" style="margin-left:auto"><a href="https://twitter.com/ReanimationXP/status/1065124107035889664" style="background-color:transparent;color:rgb(43,123,185);text-decoration-line:none;outline:0px"><span class="gmail-FollowButton-bird"><div class="gmail-Icon gmail-Icon--twitter" title="View on Twitter" style="display:inline-block;height:1.25em;background-repeat:no-repeat;background-size:contain;vertical-align:text-bottom;width:1.25em"></div></span></a></div></div><div class="gmail-Tweet-body gmail-e-entry-content" style="margin-top:14px"><div class="gmail-u-hiddenVisually gmail-js-inViewportScribingTarget" style="overflow:hidden;width:1px;height:1px;padding:0px;border:0px"></div><p class="gmail-Tweet-text gmail-e-entry-title" lang="en" dir="ltr" style="margin:0px;padding:0px;list-style:none;border:none;white-space:pre-wrap;direction:ltr">When are companies like <a href="https://twitter.com/amazon" class="gmail-PrettyLink gmail-profile gmail-customisable gmail-h-card" dir="ltr" style="background-color:transparent;color:rgb(43,123,185);text-decoration-line:none;outline:0px"><span class="gmail-PrettyLink-prefix">@</span><span class="gmail-PrettyLink-value">Amazon</span></a> going to realize how to write a proper breach letter? Once again this sounds scammy as shit and has a completely unnecessary link at the bottom.</p><div class="gmail-TweetInfo" style="display:flex;margin-top:3.2px;font-size:14px"><div class="gmail-TweetInfo-like"><a class="gmail-TweetInfo-heart" title="Like" href="https://twitter.com/intent/like?tweet_id=1065124107035889664" style="background-color:transparent;color:rgb(43,123,185);text-decoration-line:none;display:flex;outline:0px"><div class="gmail-Icon gmail-Icon--heart gmail-TweetInfo-heartIcon" style="display:inline-block;height:1.25em;background-repeat:no-repeat;background-size:contain;vertical-align:text-bottom;width:1.25em"></div><span class="gmail-TweetInfo-heartStat" style="margin-left:3px">13</span></a></div><div class="gmail-TweetInfo-timeGeo" style="margin-left:12px;color:rgb(105,120,130)"><a class="gmail-u-linkBlend gmail-u-url gmail-customisable-highlight gmail-long-permalink" href="https://twitter.com/ReanimationXP/status/1065124107035889664" style="background-color:transparent;color:inherit;text-decoration:inherit;outline:0px;font-weight:inherit">12:05 AM - Nov 21, 2018</a></div></div></div></blockquote></div><a class="gmail-CallToAction gmail-CallToAction--mediaForward" title="View Drew Alden - Looking for Work!'s profile on Twitter" href="https://twitter.com/ReanimationXP" style="background-color:transparent;color:rgb(43,123,185);text-decoration-line:none;display:flex;border-color:rgb(225,232,237);border-style:solid;border-radius:0px 0px 4px 4px;border-width:1px;padding:9px 20px;font-size:14px;outline:0px"><div class="gmail-CallToAction-icon gmail-Icon gmail-Icon--profileCTA" style="display:inline-block;height:1.25em;background-repeat:no-repeat;background-size:contain;vertical-align:text-bottom;width:1.25em"></div><span class="gmail-CallToAction-text" style="margin-left:4px">See Drew Alden - Looking for Work!'s other Tweets</span><div class="gmail-Icon gmail-Icon--chevronRightCTA gmail-CallToAction-chevron" style="display:inline-block;height:1.25em;background-repeat:no-repeat;background-size:contain;vertical-align:text-bottom;width:1.25em;margin-left:auto"></div></a></div><div class="gmail-tweet-InformationCircle--top gmail-tweet-InformationCircle" style="margin:0px;line-height:0;padding:6px 6px 5px 5px"><a href="https://support.twitter.com/articles/20175256" class="gmail-Icon gmail-Icon--informationCircleWhite gmail-js-inViewportScribingTarget" title="Twitter Ads info and privacy" style="background-color:transparent;color:rgb(43,123,185);text-decoration-line:none;display:inline-block;height:18px;background-repeat:no-repeat;background-size:contain;vertical-align:text-bottom;width:18px;outline:0px"><span class="gmail-u-hiddenVisually" style="overflow:hidden;width:1px;height:1px;padding:0px;border:0px">Twitter Ads info and privacy</span></a></div></div><div class="gmail-resize-sensor" style="overflow:hidden"><div class="gmail-resize-sensor-expand" style="overflow:hidden"><div style="width:510px;height:391px"></div></div><div class="gmail-resize-sensor-shrink" style="overflow:hidden"><div style="width:1000px;height:762.75px"></div></div></div></div></span><p style="color:rgb(0,0,0);font-family:Arimo,Arial,FreeSans,Helvetica,sans-serif;font-size:16px">Alden gives his location in his Twitter profile as Phoenix, Arizona, which is in the US. Others tweeting about it include folk in the Netherlands and what appears to be South Korea. ®</p><h3 style="font-size:1.4em;margin:0px 0px 5px;color:rgb(0,0,0);font-family:Arimo,Arial,FreeSans,Helvetica,sans-serif">Update @ 1630 GMT</h3><p style="color:rgb(0,0,0);font-family:Arimo,Arial,FreeSans,Helvetica,sans-serif;font-size:16px">After we repeatedly poked Amazon’s UK press office with a pointy stick, they eventually agreed to say that this is not a breach in the sense of a hack while maintaining that the snafu is an inadvertent technical error and that they emailed customers from an abundance of caution.</p><p style="color:rgb(0,0,0);font-family:Arimo,Arial,FreeSans,Helvetica,sans-serif;font-size:16px">The ICO eventually got round to telling us that it’s shrugging its shoulders.</p><p style="color:rgb(0,0,0);font-family:Arimo,Arial,FreeSans,Helvetica,sans-serif;font-size:16px">“Under the GDPR,” said the data protection regulator, “organisations must assess if a breach should be reported to the ICO, or to the equivalent supervisory body if they are not based in the UK. It is always the company’s responsibility to identify when UK citizens have been affected as part of a data breach and take steps to reduce any harm to consumers. The ICO will however continue to monitor the situation and cooperate with other supervisory authorities where required.”</p><p style="color:rgb(0,0,0);font-family:Arimo,Arial,FreeSans,Helvetica,sans-serif;font-size:16px">Meanwhile, Amazon’s customer service department initially thought the firm’s own notification email to affected customers was a phishing attempt. A suspicious reader, wondering whether the shonky-looking email was legitimate, sent it to Amazon customer services asking whether it was real, and got the response: “The e-mail you received wasn't from <a href="http://Amazon.co.uk">Amazon.co.uk</a>, and we're investigating the situation … We can’t tell how phishers came to target your e-mail address.”</p><div class="gmail-CaptionedImage gmail-Center gmail-Border" style="text-align:center;color:rgb(0,0,0);font-family:Arimo,Arial,FreeSans,Helvetica,sans-serif;font-size:16px"><a href="https://regmedia.co.uk/2018/11/21/amazon_email_phishing.png" target="_blank" style="text-decoration-line:none;color:rgb(119,119,119)"><img src="https://regmedia.co.uk/2018/11/21/amazon_email_phishing.png?x=648&y=271&infer_y=1" alt="Amazon customer service thinks Amazon's own email is a phishing message" title="Amazon customer service thinks Amazon's own email is a phishing message" height="216" width="518" style="border: 1px solid rgb(238, 238, 238); max-width: 100%; height: auto;"></a></div><div><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><b><span style="font-size:10pt"></span></b><span style="font-size:10pt"></span><span style="font-family:arial,helvetica,sans-serif"></span><br></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>