From PhysOrg:

Amazon.com has required an undisclosed number of customers to reset passwords to their online accounts after the company said some passwords “may have been improperly stored” on devices.

Several Amazon customers reached out to tech-news site ZDNet, saying they received emails from Amazon that the passwords needed to be reset.

Amazon representatives did not return requests for comment.

In the email sent to affected customers, Seattle-based Amazon said it did not believe passwords were exposed but was acting “out of an abundance of caution.”

The issue, whether it is a serious problem or not, comes at an inopportune time for Amazon – just days before the start of the busiest shopping season of the year.

But it’s unlikely Amazon’s system was breached, said Lars Harvey, CEO of IID, an Internet security company in Tacoma, Wash. Rather, Amazon probably realized that a mobile device or a third-party app that people use to access the online store was not storing or transmitting passwords securely, he said.

“A fair number of do not engage in a way that keeps passwords totally safe,” Harvey said. “Sometimes are not transmitted over encrypted protocol.”

Amazon likely discovered the problem with the third-party device or app and decided to notify all customers that have used that service, he said

“They’re pretty vigilant looking to protect their customers,” Harvey said.

Security with many third-party apps is a widespread issue, he added.

In fact, there are security companies that specialize in seeking out and…

Continue Reading