Eek! Just in time for Cyber Monday, Amazon has automatically reset some customer’s passwords due to security concerns, ZDNet reports.
According to emails obtained by ZDNet, Amazon told some customers that the company discovered their passwords “may have been improperly stored on your device or transmitted to Amazon in a way that could potentially expose it to a third party.” While Amazon said there was “no reason” to believe the passwords had in fact been compromised, the company was reportedly resetting the passwords as a precautionary measure. Amazon has not yet commented on the email or confirmed how many customer accounts were affected.
Take this as a warning about the importance of keeping your information safe as you do your online holiday shopping this season. If your Amazon password was exposed, there are two main concerns.
Safeguarding your password
If you use the same password across several accounts, that could make it easier for fraudsters to get into both your Amazon account and your other accounts. (Let’s be real, you’ve probably done this: 61% of people say they’ve reused passwords across multiple web sites, according to identity protection firm CSID. The other 39% just have a hard time admitting they do this too.)
The first thing to do — whether you received that email from Amazon or not — is to reset your password to something that you’ve never used before. Stuck? Here’s some advice for coming up with a complicated password you’ll actually remember.
The second thing to do is enable two-factor authentication, which Amazon just introduced this month. Here’s how it works: After you enter your password, Amazon will send you a special code via text message (or you can use an app like Google Authenticator). You’ll have to enter that code to get into your account. That way, even if an identity thief has your password — or can guess it — he still can’t access your account without your phone. Wired explains how to set this up.
Safeguarding your credit card number
Your second concern is that a fraudster could get your credit card information from your Amazon account. Don’t worry too much about this. First, Amazon only displays the last four numbers on your payment card.
More importantly, even if a thief does get your credit card number — from Amazon or from another data breach — consumer protection laws ensure that you won’t be liable for any fraudulent charges, provided that you report the fraud within 60 days.
What this means is that you actually should read your credit card and debit card statements during the holiday season (and throughout the entire year, of course). If you see any purchases you didn’t make, tell your financial institution right away. Under the Fair Credit Billing Act, you’ll get all your money back.