With the number of data breaches getting out of control, it seems to be harder and harder to keep our personal information out of the hands of cybercriminals. We recently told you about Yahoo's data breach, when up to 3 billion accounts were compromised.
The Yahoo incident happened in 2014 and is the largest data breach in history. Now, users on other sites could be impacted by the Yahoo breach.
Amazon is sending emails to some of its account holders, asking them to change their passwords. The online retail giant is telling some members to update their passwords because a list of user credentials was recently found online. Amazon is claiming the list of credentials is not Amazon-related, meaning its site has not been breached.
Amazon said user credentials were discovered while the company was doing routine monitoring. It sent emails to members who it believes were on that list, letting them know that their Amazon password had been reset. Amazon did this as a precautionary move because many customers reuse their passwords on many sites.
This email list could be associated with the Yahoo breach, but it's uncertain at this time. This isn't the first time Amazon credentials were reportedly exposed. Earlier this year we told you about 80,000 credentials of Amazon Kindle users that were compromised.
If you have an Amazon account and didn't get the email, you should still change your password to be safe. Here are some extra security suggestions:
- Change your Amazon password now
- Activate two-step authentication
- Use a password manager
When Amazon discovered the list of credentials online, they sent an official email to affected users. However, as we've warned you before, official looking emails could be a phishing attack by a cybercriminal.
If you receive emails like this you should take these steps to make sure it's not a phishing scam:
- Be cautious with links - If you get an email or notification from a site that you find suspicious, don't click on its links. It's better to type the website's address directly into a browser than clicking on a link. Before you ever click on a link, hover over it with your mouse to see where it is going to take you. If the destination isn't what the link claims, do not click on it.
- Do an online search - If you get a notification about something like your password has been reset, you should do an online search on the topic. If it's a scam, there are probably people online complaining about it and you can find more information.
- Watch for typos - Phishing scams are infamous for having typos. If you receive an email or notification from a reputable company, it should not contain typos.
- Have strong security software - Having protection on your gadgets is very important. The best defense against digital threats is strong security software.