Amazon force-resets passwords

Amazon has suddenly force-reset many of its customers' passwords after a vulnerability scare

Amazon says the reset was carried out because of an "abundance of caution"

Amazon has issued password resets to many of its members after a vulnerability scare. Yesterday, the online retailer sent an email out to many of its members stating that it has “recently discovered that your password may have been improperly stored on your device or transmitted to Amazon in a way that could potentially expose it to a third party.”

This is not the first time that Amazon has issued password resets for its customers, having done so several times in the last decade.

Amazon went on to say it had corrected the issue and does not believe that any passwords were found by a third party, and that it issued the forced reset only out of an “abundance of caution.” That said, if the problems were on the customers' end, it raises the question of why a password reset on Amazon's end would be effective.

Some industry commentators have put it down to Amazon's thorough security mindset and the looming shopping holiday of Black Friday. The riot-inciting day of deals has been known to be an active time not only for shoppers but also for cyber-criminals looking to breach their accounts.

Mark Stollery, a managing consultant for Enterprise and Cyber Security at Fujitsu, welcomed the reset: “The password reset is a sensible measure, even if it causes a short-term nuisance. Amazon is reducing its vulnerability by proving that it can spot suspicious incidents and deal with them swiftly.” Stollery added that this proactivity is something that others might want to start thinking about: “Research from Fujitsu indicates that only nine percent of UK consumers believe organisations are doing enough to protect their data, so Amazon and others will need to continually demonstrate their cyber-security competence if they are to keep the trust of their customers.”

David Kennerley, senior manager for threat research at cyber-security firm Webroot, echoed that sentiment to SC: “This move by Amazon should be highly commended because it's a step further than just meeting standard security legislation, and instead they are actively going above and beyond to tackle an issue.”

Kennerley added that the introduction of two-factor authentication for Amazon customers was a welcome addition: “The move towards two-factor authentication is also a positive step, with Amazon following in the footsteps of sensitive industries such as banking. Between these two changes we are likely to see Amazon account holders' personal details be far more secure.”