Amazon Admits It Exposed Customer E-mail Addresses
Zack Whittaker and Josh Constine (via Hacker News):
Amazon emailed users Tuesday, warning them that it exposed an unknown number of customer email addresses after a “technical error” on its website.
[…]
Amazon’s vague and non-specific email also sparked criticism from users — including security experts — who accused the company of withholding information. Some said that the correspondence looked like a phishing email, used to trick customers into turning over account information.
[…]
Amazon, as a Washington-based company, is required to inform the state attorney general of data incidents involving 500 state residents or more. Yet, in Europe, where data protection rules are stronger — even in the wake of the recently introduced General Data Protection Regulation (GDPR) — it’s less clear if Amazon needs to disclose the incident.