Amazon force-resets some account passwords, citing password leak

It's not clear how many accounts are affected.
Written by Zack Whittaker, Contributor

Amazon has force-reset an unknown number of accounts, after passwords may have been compromised.

A number of readers told ZDNet they received an email from Amazon saying the company has reset their account password. The message was also sent to their account message center on Amazon.com, and Amazon.co.uk, confirming the message is genuine.

In the email, Amazon said it "recently discovered that your [Amazon] password may have been improperly stored on your device or transmitted to Amazon in a way that could potentially expose it to a third party."

It adds: "We have corrected the issue to prevent this exposure."

The email said it has "no reason" to believe passwords were improperly disclosed to a third party but issued a temporary password out of an "abundance of caution."

It's not new for companies to force-reset account passwords if they have suffered a data breach, for example.

Last week, the retail giant enabled two-factor authentication for all Amazon.com customers. However, two-factor authentication has not been enabled for UK customers yet.

It's not the first time these kinds of force-reset password emails have been sent out. In similar cases where passwords may have been compromised -- some dating back to 2010, the company has sent out notices of warning.

A spokesperson for Amazon did not return a call or email for comment on Tuesday. If that changes, we will update the piece.

Editorial standards