Just when Amazon’s account security was looking good, things have taken a turn for the worrisome. Last week, the online retailer added two-factor authentication, a crucial security feature that had previously been unavailable to its users. As Lily Hay Newman explained in Slate, enabling it is a critical step if you want to protect your account. If that doesn’t sound necessary, consider this: Amazon just acknowledged that some users’ passwords may have been compromised.
ZDNet reports that Amazon has contacted some of its customers, informing them by email—and through their actual user accounts on the site itself—that their passwords “may have been improperly stored on [their] device[s] in a way that could potentially expose [them] to a third party.” The company claims that it has already corrected the issue.
As security concerns go, this sounds like a fairly moderate one. Indeed, it’s important to note that Amazon has not been “hacked”: In its communications with users, the site claims that it does not believe user passwords actually were exposed to third parties. Nevertheless, to protect those who might have been exposed by this vulnerability, the company is forcing them to reset their passwords. Such caution is common for Amazon: ZDNet notes that it has taken similar steps in the past.
Those who haven’t been contacted are likely in the clear this time. Nevertheless, this story should provide an important reminder to those of us who rely too lightly on Amazon’s security features: Consider turning on two-factor now (Newman outlines the steps in her post; it’s simple and surprisingly convenient) and, because you can never be too safe, changing your password as well.