Earlier today (Tuesday 12th April) an email went out to selected users of Amazon services after email addresses linked to Amazon accounts were found in leaked password lists online. The lists were NOT specific to Amazon services, but since many users recycle their passwords, using the same one for many sites for their convenience, Amazon has taken the precaution of forcing a password reset on any email addresses it discovered associated with the lists.
Amazon have not disclosed which website was targeted in this leak, or even whether they know which one it was, though as far as they are concerned it probably doesn’t really matter. They are taking this action because any password and email combination is likely to be reused on many, if not all, online services, so if you receive one of these precautionary emails you should really sit up and pay attention.
If you are someone who for convenience or any other reason finds it necessary to use the same password on multiple sites – and I’m not going to judge here – then there are still things you can do to keep yourself safe. Change all those passwords regularly, at least every month. Even something as simple as normalPasswordAprilFool which then changes to normalPasswordMayDay can keep things memorable and safe; it’s a good practice to get into. Using a specific code for the month as well instead of simply tagging the word April or number 04 on the end of the password will also help to stop future passwords being guessed easily.
Of course, using unique passwords is the ideal goal, and changing them all regularly is advisable, but honestly, between all the online shopping, banking, social media, email, TV/music and other websites that we use, it can amount to literally scores of services, and changing them all monthly – or even remembering all the ones you have signed up to – can be a monumental challenge.
Whatever you do to keep safe, if you receive one of these emails from Amazon DON’T IGNORE IT. They have found at least one occurrence of a valid password for something linked to your email address, and the last thing you want is for it to be your bank or credit card, so take action not just with Amazon but with ALL your sensitive online accounts.
I have sent Amazon a request for more information about their discovery and will update this message when they reply.