Amazon today sent some of its users an email informing them that it has changed their passwords. The e-retail giant made the move after discovering a list of email addresses and passwords that had been published online and suspecting that some of its users’ credentials were on that list, given that certain people use the same passwords for multiple services.
An Amazon spokesperson confirmed the authenticity of the email, which encourages users to visit Amazon’s website and assign a new password, ideally one that they haven’t used for other services. Amazon also notes that users can implement two-step authentication.
Amazon has done this sort of thing a few times before, including this year and last year. It’s not clear which password leak prompted this round of password resets. But in August, Dropbox reset some users’ passwords after credentials for more than 68 million Dropbox accounts surfaced online, as Motherboard reported.
Here’s the complete message that Amazon sent under the subject line “Your Amazon password has been changed”:
At Amazon we take your security and privacy very seriously. As part of our routine monitoring, we discovered a list of email addresses and passwords posted online. While the list was not Amazon-related, we know that many customers reuse their passwords on multiple websites. Since we believe your email addresses and passwords were on the list, we have assigned a temporary password to your Amazon.com account out of an abundance of caution.
You will need to reset your password when you return to the Amazon.com site. To reset your password, click “Your Account” at the top of any page on Amazon.com. On the Sign In page, click the “Forgot your password?” link to reach the Amazon.com Password Assistance page. After you enter your email or mobile phone number, you will receive an email containing a personalized link. Click the link from the email and follow the directions provided.
Your new password will be effective immediately. We recommend that you choose a password that you have never used with any website.
You can also enable Amazon’s Two-Step Verification, a feature that adds an extra layer of security to your account. In addition to entering your password, Two-Step Verification requires you to enter a unique security code during sign in. To learn more about Two-Step Verification, go to Amazon.com Help, go to Managing Your Account, and click More in Managing Your Account, and then click More under Account Settings.