Amazon reveals customer details data leak ahead of Black Friday

Amazon has revealed a technical error has caused customer names and email addresses to be disclosed on its website.

The e-commerce giant said it has emailed affected customers, with the incident coming during one of the busiest shopping weeks of the year as Black Friday approaches.

The online shopping event predominately takes place in the US around the Thanksgiving holiday but hundreds of UK retailers now also take part on what has become a multi-billion pound shopping day.

The firm said the issue was not a breach of its website or any of its systems, but a technical issue that inadvertently posted customer names and email addresses to its website.

In a statement, Amazon said: “We have fixed the issue and informed customers who may have been impacted.”

It did not disclose how many users had been involved in the incident but confirmed it had emailed all affected customers out of caution.

UK data regulator the Information Commissioner’s Office (ICO) – which Amazon must inform of any data breach as part of the General Data Protection Regulation (GDPR) introduced this year – said it was following the situation.

(Ben Birchall/PA)
(Ben Birchall/PA)

“It is always the company’s responsibility to identify when UK citizens have been affected as part of a data breach and take steps to reduce any harm to consumers,” an ICO spokeswoman said.

“The ICO will, however, continue to monitor the situation and co-operate with other supervisory authorities where required.”

Richard Walters, chief technical officer of cybersecurity firm CensorNet, said those affected should consider changing their passwords.

“If the reports are correct, the information leaked – names and email addresses – is less significant than some of these other breaches, which saw card details leaked. However, it would be wrong to assume that this makes the breach inconsequential,” he said.

“Cyber-criminals can do a lot of damage with a large database of names and emails. The greatest risk is of brute force attacks – where criminals use a leaked email address and common password combinations to try and break into other personal accounts.

“A large majority of people still use predictable passwords, and thanks to previous high-profile breaches many people’s passwords are also readily available on the dark web. For cyber-criminals, it then just becomes an exercise in joining the dots.

“If you’ve been affected, make sure you change your passwords quickly on all services you use, both work and private.”