Amazon.com has required an undisclosed number of customers to reset passwords to their online accounts after the company said some passwords “may have been improperly stored” on devices.
Several Amazon customers reached out to tech-news site ZDNet, saying they received emails from Amazon that the passwords needed to be reset.
Amazon representatives did not return requests for comment.
In the email sent to affected customers, Seattle-based Amazon said it did not believe passwords were exposed but was acting “out of an abundance of caution.”
The security issue, whether it is a serious problem or not, comes at an inopportune time for Amazon – just days before the start of the busiest shopping season of the year.
But it’s unlikely Amazon’s system was breached, said Lars Harvey, CEO of IID, an Internet security company in Tacoma, Wash. Rather, Amazon probably realized that a mobile device or a third-party app that people use to access the online store was not storing or transmitting passwords securely, he said.
Amazon likely discovered the problem with the third-party device or app and decided to notify all customers that have used that service, he said
“They’re pretty vigilant looking to protect their customers,” Harvey said.
Security with many third-party apps is a widespread issue, he added.
In fact, there are security companies that specialize in seeking out and…