When I started selling the first gadget I ever made on Amazon I was so excited and was only getting a couple sales a month. If you were one of my customers I looked at your house, judged your grass, found you on LinkedIn and Facebook, Instagram, mortgages, mugshots, everything lol. The sellers also get your full name and address even on fulfilled by Amazon.<p>If you have been on the net long enough this will creep you out: <a href="https://haveibeenpwned.com/" rel="nofollow">https://haveibeenpwned.com/</a>
This is how it looked for me: I few days ago I was shopping on Amazon and they showed me a message, you already purchased this product. See order details. I was surprised since I did not buy it before. After clicking the link, I was shown details of not my order, including name, address and email where a product was shipped to.
This is one of the less appreciated clauses of the GDPR: That companies are <i>required</i> to disclose data breaches within a reasonable time-frame, and users <i>have the right</i> to know about any exposure of their data.
"Besides the brevity, what's giving people pause is they sign the email <a href="http://Amazon.com" rel="nofollow">http://Amazon.com</a> Why cap the "a" and why no <a href="https://" rel="nofollow">https://</a>? Strange"<p>This one is easy to answer: the customer support people aren't particularly technical. In many ways, Amazon is a weird mashup of a traditional retailer and a tech company.
based on spam email i have received, that i clearly should not have, i believe this was an exposure to marketplace sellers from whom you have bought a product.<p>I am <i>very</i> careful with my email. i’m not just guessing here. i actually reported it to amazon security. (no answer from them of course.)
One comment further down stated that it might have affected marketplace sellers. Amazon doesn't really put the same amount of thought and resources on marketplace than Amazon retail even if they should IMHO.<p>Regardless, that's AFAIK the first time that ever happened to Amazon. Bad enough if it was third party sellers. A catastrophe if it was Amazon customers. With all the controversy regarding counterfeits in some countries an incident that bears the risk of impacting customer trust is the last thing Amazon needs. Maybe I should have sold my stock 4 months ago... But maybe Q4 will be stellar and stock goes up again in January. I should think about a stop order, just in case Q4 disappoints that year.
An email address isn't secret, is it? It's sent back and forth in clear text through any number of relay servers. I consider my name and email address to be basically public information. Along with (unfortunately) my Social Security number.<p>If Amazon exposed any data fields <i>more</i> sensitive than email address, I would call that stonewalling/covering up as TC seems to be implying. But otherwise it kind of just sounds like TC being all petulant that Amazon wouldn't tell it everything it wanted to know. And the motivation there is likely to be the generation of clicks, not the protection of customers.<p>Take the "number of users affected" for example. Knowing that info doesn't help any individual customer. But it does help journalists drum up pageviews, or at least I feel like <i>they believe</i> it does. Having a big number in there is like this (dubious) Holy Grail of page-irresistability. I'm just judging from how, for example, the reporters on the TV news always bug their eyes out and raise their voice and talk really slowly and emphatically any time they come to a number. "The pool was reported to be FOURTEEN FEET DEEP..." "The petition has THIRTY THOUSAND signatures..." Wow! A number! I'm supposed to be all impressed I guess! <i>ZOMG let me throw all my money at you right now!!!!</i>
Every major tech company has had this problem, yet people still keep sharing their personal info (even home address, phone numbers, social security numbers) online. Don't share anything you wouldn't yell out on a crowded street to strangers.
Hmm... it seems this drip of bad news in big tech is setting up for some heated debates on regulation. It will be interesting how proactive the Europeans are with GDPR.
I don't understand this. In the American startup I'm working we're extremely careful with respectful data practices due to ethics and GDPR (we have a lot European customers). Why doesn't Amazon give a shit about GDPR? Do they have a leverage?