On Tuesday, Amazon started sending out emails to its users asking for a quick password reset, the reason is a possible breach of some of the users’ credentials.
According to the email (dispatched by the company), Amazon was not sure if there is a possible breach into their systems or not but as a precautionary measure they want the users to reset their Amazon’s account password. An excerpt from the email said:
“Recently discovered that your [Amazon] password may have been improperly stored on your device or transmitted to Amazon in a way that could potentially expose it to a third party,” ZDNet reports.
But, not all the users have been asked for a password reset only a few users have been sent the email so a breach that might have been limited after impacting few users can be the possible conclusion. Though, if you are an Amazon user, better reset your password.
There is no official confirmation from the company itself on how many users are affected from the breach and how the breach took place.
This news came just one week after Amazon announced two-factor authentication for the Amazon users. Though, enabling the two-factor authentication is up to the user but it did make user accounts far more secure. What it did is, with the password, it required the user to verify either with QR codes or a code sent via text message on users’ phone that they are the genuine users and the owners of the account.
Most probably of the users impacted by this breach might have been the ones having an account on Amazon.co.uk as on Amazon.co.uk two-factor authentication is still not available. But, Amazon.com users can’t be ruled out as well.
Password resets are not something uncommon as world’s leading online brands have made their users reset their passwords whenever they had the slightest suspicion of a possible data breach.
Regular credentials breaches are calling for the online brands to come up with something innovative to restrict the hackers. Though, companies like Yahoo have already had raised the user security by introducing two-factor authentication.
But, wider implication of more secured systems is still far away. According to Keith Graham (CTO at SecureAuth) that companies need to employ more innovative approaches and quick get rid of simple username and password system. He further said:
“Advances in adaptive authentication have brought to market a number of options that help users stay both secure and productive by layering multiple methods such as, device recognition, analysis of the physical location of the user, or even by using behavioral biometrics to continually verify the true identity of the end user. By layering adaptive authentication techniques, organizations like Amazon can further strengthen their defenses against cyber adversaries,” reports the ESecurity Planet.
He also criticized the Amazon users for the hack as he said users are never proactive on keeping their passwords safe, they use same easy to guess passwords for all the platforms.
This is not the first time when Amazon has sent password resetting warning emails. In 2010, the firm urged users to reset their passwords due to a security breach. So, if you are an Amazon customer, change your login credentials right now.