Amazon Forces Password Reset For Some Users

Amazon told an unknown number of customers that their passwords could have been potentially exposed to a third party, but claimed it has corrected the issue.

Larry Loeb, Blogger, Informationweek

November 26, 2015

2 Min Read
<p align="left">(Image: Tuomas Kujansuu/iStockphoto)</p>

8 iPhone Security Apps To Keep Your Data Safe

8 iPhone Security Apps To Keep Your Data Safe

8 iPhone Security Apps To Keep Your Data Safe(Click image for larger view and slideshow.)

In time for the busiest online shopping season of the year, Amazon has forced the reset of a number of user passwords because of a security concern, according to a ZDNet report.

The email sent to affected users in the US and UK said that Amazon had "recently discovered that your [Amazon] password may have been improperly stored on your device or transmitted to Amazon in a way that could potentially expose it to a third party. We have corrected the issue to prevent this exposure," according to ZDNet. The email added that there was "no reason" to think that a breach had occurred, but the company was issuing a temporary password out of an "abundance of caution."

The report also noted since the emails were sent to users' account message center on and, the messages are authentic.

This concern from Amazon indicates that it would be prudent to reset your Amazon password, even if the email has not been sent to you

The e-commerce giant recently added two-factor authentication for US customers. Perhaps the reasons behind the email sent to affected users sped up the decision to make that new authorization service active.

Amazon has not yet responded for requests for comments on this story.

This type of incident is nothing new to Amazon, which has sent out similar force-reset password emails to affected users in the past, with some cases dating back to 2010.

[ Read Comcast Resets 200,000 Compromised Email Passwords, But Questions Remain. ]

Keith Graham, the CTO of SecureAuth, which sells its access control products to major enterprise customers and has a technology partner relationship with Amazon Web Services, told InformationWeek in an email that, "Amazon force-resetting some of its users' accounts due to fears of a password leak is yet another indication organizations need an innovative approach to authentication that goes beyond the traditional username and password tactic."

Graham added, "While the early days of cumbersome two-factor authentication cast a shadow on the technology, times have very much changed for the better. Advances in adaptive authentication have brought to market a number of options that help users stay both secure and productive by layering multiple methods, such as device recognition, analysis of the physical location of the user, or even by using behavioral biometrics to continually verify the true identity of the end user. By layering adaptive authentication techniques, organizations like Amazon can further strengthen their defenses against cyber adversaries."

About the Author(s)

Larry Loeb

Blogger, Informationweek

Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek. He has written a book on the Secure Electronic Transaction Internet protocol. His latest book has the commercially obligatory title of Hack Proofing XML. He's been online since uucp "bang" addressing (where the world existed relative to !decvax), serving as editor of the Macintosh Exchange on BIX and the VARBusiness Exchange. His first Mac had 128 KB of memory, which was a big step up from his first 1130, which had 4 KB, as did his first 1401. You can e-mail him at [email protected].

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights