Amazon has issued an e-mail alert in which it warns a number of its customers that someone leaked their information online.
The online retailer alerted some of its customers on 4 October. As quoted by the Daily Express, the email reads as follows:
"At Amazon we take your security and privacy very seriously. As part of our routine monitoring, we discovered a list of email address and password sets posted online. While the list was not Amazon-related, we know that many customers reuse their passwords on several websites. We believe your e-mail address and password set was on that list."
It's unclear at this time where the leak materialized or who might have posted the list of email addresses and passwords online. Amazon maintains that the security incident didn't violate its internal protocols.
Also unknown is the number of users affected by this data leak.
Currently, it's believed 304 million people are active users on the e-commerce website.
Amazon recommends that all affected individuals change their passwords as soon as possible. They can do so by clicking on Your Account > Forgot your password? and following the subsequent list of instructions.
To protect against similar incidents such as these, users should also consider enabling two-step verification (2SV), an opt-in feature that provides Amazon members with an additional layer of security by sending a one-time passcode to a verified mobile device every time someone tries to log into their account.
2SV ensures that users maintain control of their accounts even if a bad actor happens to compromise their login information. For a detailed guide on how to enable 2SV on your Amazon account, please click here.
Finally, those affected by the data leak should be on the lookout for suspicious emails, as bad actors could abuse their usernames to send them phishing emails laced with ransomware.
In today's information age, it's important that everyone from individual users to companies know how to spot a phish and prevent a ransomware infection.
To learn about how you can contribute to the fight against phishing and ransomware, please attend Metacompliance's webcast "Is Phishing and Ransomware a Critical Issue for You Yet?" on 19 October at 15:00 local time.