JonBlog
Thoughts on website ideas, PHP and other tech topics, plus going car-free
Suspected data leak at Amazon
Categories: Life

Oh dear. Hot on the heels of the play.com data hiccup, I find myself on the receiving end of spam from an address I’ve only ever used at amazon.co.uk. To avoid the likelihood of a dictionary attack guessing a forwarding address, I often use the format <website-fqdn><yyyymmdd><code>@domain, which is approximately what I use at Amazon. Nevertheless, I recently received this delightful scam email at my Amazon alias, apparently from an IP range in the Ukraine:

Date:      Thu, 5 May 2011 16:xx:xx +0000 [ 5 May 2011 05:xxPM BST]
From:      leanne spencer <xxxxxxx@hotmail.com>
To:        [my-amazon-alias]@[mydomain]
Subject:   Jon

Internationally located organization searching for employe in the UK for representation job with part-time and full-time schedule options.

Relocation is not required, you will operate from her city. Medical and travel fees are repaid.

Must be motivated organized person, 18+ age. Salary from 3000 GBP + commission earned.

This capacity is ideally suit to an individual with demonstrated experience through purchaser service, supply chain & logistics within a production environment where quality is high.

Simply respond to this email to find a full job description. Feel free to send your Resume for a confidential discussion. They are looking forward to discuss the job occasion with you.

£3K – is that per month or per week? 🙂

Anyway, I’ve sent a few messages to Amazon, and they’ve:

  • Reassured me that Amazon is safe to use
  • Told me how great the privacy policy is
  • Asked me to send the item of spam in for analysis
  • Sent me information on phishing and internet security, in case I’m an techno-numpty
  • Escalated the problem to another team, who said much the same thing

They’ve not yet, however, explained how an impossible-to-guess email alias has ended up on a spammer’s database.

Interestingly, the play.com debacle was easy to prove, since a flood a complaints appeared on the internet – it would have been daft of them to deny it. However, I can only find one other instance of the above connected to Amazon, which isn’t particularly persuasive even if I’m certain of my case. In any case, Amazon would need a good handful of examples in order to narrow down their various third party suppliers and affiliate sellers who had access to all affected customer records.

So, for the time being, this post is search engine bait. If you’ve received spam to an address that only Amazon should have known about, post in the comments. Meanwhile I’ll keep the alias open to pick up any more spam, but for now it seems to have been a one-off.

Update 10 May

I’ve given up with Amazon. Even though there’s another instance of the same item of spam, involving an Amazon-only email address, and within the same time-frame, they’re nevertheless certain that they “have had no leaks within our system”. With an infrastructure as large as theirs, I am not convinced that it is possible to be sure of that. Still, one can take heart from the helpfulness of their customer service reps: their latest message contained the suggestion that I call the police “to report the crime”! 😀

7 Comments to “Suspected data leak at Amazon”

  1. Tim says:

    I also started receiving spam from an Amazon only email address (one today and first one on 5 May).

    Thing is though, they share email addresses with their marketplace sellers so they might be responsible for this one.

    I’ve sent them a complaint. Doesn’t look like I’ll get a good response!

    Tim

  2. Jon says:

    Hey Tim,

    Yes, I think you’re right – the low number of leaks, plus the fact that third-party sellers are likely to be less secure than Amazon itself, would point to this conclusion. I would imagine third-party sellers only get customer data if they need to fulfill an order, rather than having wholesale access to all customers.

    I also got a spam item today from the same source – will update this post when I get a moment.

    Do let Amazon know, but I don’t expect you’ll get very far. They probably deal with so many technophobes that they assume everyone who shouts about a data leakage is to blame themselves!

    Best,

    Jon

  3. I posted a sarcastic response to a spam e-mail that clearly originated in Amazon’s dealings with me: it addressed me as only Amazon does. I got a flood of responses in the comments box and 1500 views instead of my usual 100 or so a day, so clearly there’s a problem.

    (http://plashingvole.blogspot.com/2011/05/ooh-new-job.html)

    I contacted Amazon. They replied to say they hadn’t sent the spam (I didn’t suggest they had) and that they were ‘investigating’.

    I don’t think we’ll hear any more from them.

  4. Jon says:

    Hi Vole 🙂

    Amazon mentioned to me that they were ‘investigating’ too, though I sensed initially it was a copy-n-paste reply that didn’t really mean what it said. I’d expect someone in Amazon to know there’s been a minor leak, but I’d not be surprised if front-line customer service teams haven’t been told – they might be trying to ‘contain it’ instead.

    That said, one customer service rep did say I had a choice as to whether or not to use marketplace sellers; I wonder if they were implying that some are more trustworthy than others, without wanting to state as much. If so, I think they might be right!

  5. Russell says:

    I too have received several spam emails, exactly the same content as the email you quote above.

    Given this has almost certainly been disclosed through a marketplace reseller, perhaps we can figure out who by cross-referencing the resellers we’ve used. In the 2 years I’ve used :

    Nevada
    Hypnosis and Health Care UK
    Tone Deaf Music
    owlsmart_usa
    sunrise_books
    awesome_books_001
    mediadashstore
    media_moguls-uk
    Wynsors World of Shoes
    World of Books
    serendipitystores

    Has anyone who received the spam done business with any of these? It’s extremely likely to be one of them.

    Russ.

  6. Jon says:

    Hi Russell.

    Good idea, but my list doesn’t reveal any matches:

    * Indigostarfish.com
    * Amazon EU S.a.r.L.
    * The Book Depository
    * ioub

    I signed up in November 2007.

    On Plashing Vole’s blog, an anonymous contributor suggests that a leak from a hacked server at supplier Epsilon might be the cause. Like you and others, I’d regard third-party sellers as the more likely leak, but given that it was supplier infrastructure at Play.com, I’d expect the same could happen to Amazon.

  7. Dickey Derkers says:

    Leaking ball-Zach is no longer contained and spam spores are more prevalent when using machine with contracted stds. JMeigh.tiff.rassler.org is one that transmits dx to meal daily.

Leave a Reply