Any news on some Amazon account leak?

Hello all,
I’m a French user of Amazon (so amazon.fr), and tonight, out of nowhere, Amazon required me to change my password.
Screenshot from 2020-08-29 23-21-26
I haven’t read anything about a leak since 2018 on Google, but I feel like this is not normal.

Does anyone have some info I didn’t get?
Did some people in the last leak receive an email or something?
I use unique passwords, but at the time of this account’s creation, not random ones yet… so I am a tad worried.

How did you find out about this?

Did you click an email link?

If you are concerned, find any other accounts that share that password and change the password.

2 Likes

I went on the official amazon.fr to add a product to my shopping list, saw I wasn’t logged in, tried to log in (entered my password with Bitwarden) and got this.

Nothing has that same password, so if it was well hashed I don’t have an issue, but most of my other pre-2017 accounts have a derivative of this… and because I didn’t have a list of the accounts I had, I can’t change it everywhere…

There could have been a number of things that happened.

I would change the password and make sure it’s secure, and check that there are no odd purchases.

This sort of thing happens occasionally. I wouldn’t worry about it.

3 Likes

Building on this, if someone gets into your account, it is a big deal, with possibly big consequences. On the other hand, if they send out unnecessary password change forms, it is only a minor inconvenience.

So, in their algorithms, it is presumably tuned so they send out more password changes, even ones that are almost certainly not an actual issue, due to the balance of the inconvenience vs. the benefit.

1 Like

I am OK with password resets being sent, but the lack of transparency about why is frightening.

I am pretty sure I haven’t been breached since I use 2FA, so they either had data from elsewhere, data that could help people protect other accounts, or they leaked account data once again, maybe with private info like name and address… and I would like to know…

I’ve sent a request to their privacy department since they have to disclose stuff like that; I’ll see if I get a reply.
The fact that no-one else got this is also weird to me…

This is Amazon. Lack of transparency is the business model. Don’t like it = don’t use it.

Just because not everyone else is opening a forum thread about it doesn’t mean no one else got it :roll_eyes: Password reset requests happen all the time and it is completely normal. They don’t have to have a reason why they request it either.

As the Cake pointed out, those fraud protection systems would rather send out a password reset than not if they have any kind of doubt. You don’t have to have been breached for it to send out the password change; that is the whole point of the system.

Source?
It’s news to me that they have to disclose why they want to keep your account safe.

was about

Even in the US, they have to disclose leaks, but I guess I wasn’t clear enough :slight_smile:
I got an Amazon rep contacting me, and they told me that they couldn’t find any flag on my account, and will be back in touch shortly. We’ll see.

Agreed, but usually when something like this happens to many people, there’s a post, a Twitter thread, or news about it.
And every time I had a company requesting a password reset before, I got an email, something along the lines of “we’ve detected unusual behavior on your account and locked it up”.
And when I say usually, I mean the 2 times this happened without a real data breach being the cause of the lockup.

Amazon is a normies’ company; most people don’t have a password manager, and most of them use the same password everywhere. Forcing a change of password for a company like that is not trivial, and could lead a user to just not use the service anymore.
Would you imagine your credit-card company changing your PIN every time they suspect fraud and lock it down? It would not stand…

This is why I stand behind my point: there has to be something important for this move, or a bug…
I’ll leave my account locked until I get an answer to this, and hope their system screwed up.

Change Password. Check if you have a clean PC and if there is no Man-in-the-middle attack option.
Sudden accidental password change recommendations are either the result of an error, a periodic change policy, or an attempted hijacking or something else …
Just make sure you are really on the real site.

1 Like

If a CC company suspects fraud they will (depending on the circumstances) either lock the card and ask you to contact them, or terminate the card and send you a new one straight away.

The PIN is not needed everywhere, especially online. POS terminals will also let the card be authorised without a PIN or even signature at the discretion of the shop owner. Of course if that purchase was fraudulent then the shop owner is SOL, which is why most won’t do that.