Some US and UK Amazon members found that they were unable to log into the site yesterday after the online retail giant force-reset an unknown number of user accounts. The company emailed those affected to inform them of the change. The notification was also sent to their Amazon account message center, confirming its authenticity.
Amazon was a bit vague over what prompted the move. The email said even though it had “no reason” to believe any passwords had been disclosed, Amazon made the decision to force-reset out of an “abundance of caution.”
In the email, Amazon said it "recently discovered that your [Amazon] password may have been improperly stored on your device or transmitted to Amazon in a way that could potentially expose it to a third party." It adds: "We have corrected the issue to prevent this exposure."
Anyone who received the email is instructed to visit the Amazon homepage and navigate to "Your Account." Then click the "Forgot your password?" link to set up a new one, making sure it’s different from the last password.
Amazon has yet to give any official statement about the password reset. The only official response was from a company support representative in the UK who responded to a customer questioning the email’s authenticity on Twitter. Much like Amazon, the rep wasn’t giving out too much information, saying: “We'd like to check into this with you in real-time” and adding a link for the customer to change their password.
Any security breach couldn’t have come at worse time for Amazon, as we’re currently right in the middle of the company's Black Friday sales week. But it looks as if the move really was just a precaution; better to force-reset some user passwords than suffer a major hack. The news caused shares of Amazon to dip to $661 yesterday before they jumping back up to $671 later in the day.