Amazon sent a cryptic and somewhat confusing email to some users about a “technical error”. CNBC posted some tweets that included screenshots of the email. (This odd situation was first reported by Beta News.)
According to the tweets, the email from Amazon had the subject line: “Important information about your Amazon.com Account”. The email said: “We’re contacting you to let you know that our website inadvertently disclosed your email address due to a technical error. The issue has been fixed. This is not a result of anything you have done, and there is no need for you to change your password or take any other action.”
The wording is really weird. Some people have wondered why Amazon didn’t suggest that people change their email password – advice that is typically given after something like this happens. How long ago did the “technical error” occur? Amazon didn’t say.
It is troubling that Amazon clearly is aware that a “technical error” exposed some user’s email address to those who should not have it. But, for whatever reason, Amazon failed to let users know who their email address had been sent to.
I understand that this sort of situation might be considered a data breach, and that companies are supposed to let users know about what happened. Unfortunately, Amazon’s cryptic email failed to give affected users any clear idea of what happened or why it happened.
To me, it feels like Amazon is blaming their website for the “technical error” – as though the website was sentient and independently made the decision to send out people’s email addresses. It is like Amazon is trying to separate themselves from being blamed for whatever happens as a result of the “technical error”.
Amazon appears to have decided to keep things extremely vague. It sort of informed users about the “technical error”, but managed to leave out all significant details. This is not good enough.