The DU Lounge
Related: Culture Forums, Support ForumsAmazon Data Breach?
Has anyone heard about or gotten a message from Amazon asking you to log in and change your password because of a data breach?
My daughter's account was logged out. There was a message saying she needed to change her password because of a data breach. She did this and told me about it.
I can't find any information about a recent data breach, and my account is fine. I am concerned that her account is compromised.
It seems like it could have been some sort of redirect and phish, but she won't even think about it. Her account is linked to my prime account. I'm not happy about that.
Anyone know anything about this?
jberryhill
(62,444 posts)Its a scam.
How did this message from Amazon show up?
Was this an email? A text? A browser notification?
One should never, of course, follow a link from an email to log into anything.
Silver Gaia
(4,544 posts)See my post below. Thanks!
GreenPartyVoter
(72,378 posts)get in touch w Amazon to make sure no purchases have been made yet.
ramblin_dave
(1,546 posts)If an email link was followed to login to Amazon, the scammers could now have her login credentials.
She should immediately login to Amazon at their website and change her password. See if her Amazon account email has changed and put it back if so.
Bev54
(10,053 posts)I think it is a scam, I will not do anything with it.
jberryhill
(62,444 posts)Bev54
(10,053 posts)jberryhill
(62,444 posts)Blue_true
(31,261 posts)Went as smooth as silk, so no message about password.
If the email that your daughter got contained a link to go to change her password, that is a classic phising email. I suggest that she log onto the official Amazon site immediately and change her password again.
Silver Gaia
(4,544 posts)She had been logged out of her account when she went to the website. She hadn't logged out herself, but was logged out. When she entered her password, she got a popup. The popup didn't ask her to change her password in the popup. It just said there was a data breach and recommended that she change her password, which she did on the website.
She installed the app on her phone and changed her password again with the app. It all *seems* OK now. I had her delete her bookmark in her browser and go in on a fresh URL and log in with the new password.
I think/hope she's OK now. :::crossing fingers:::
It just seemed weird that I couldn't find any info about a data breach.
jberryhill
(62,444 posts)This sounds like either a malicious browser add-on or a virus infecting the machine.
This makes no sense at all.
(Does she have access to another machine that she can use to change her data yet again?)
This smells really bad.
On edit, okay, yes, changing the password on the phone and not using that computer is a good idea, but that machine needs an enema.
Silver Gaia
(4,544 posts)But she thinks I'm overreacting. She's an adult and it's her computer, so I can't make her do anything. She did say she will run a virus check. We shall see.
Thanks for your input.
jberryhill
(62,444 posts)https://www.malwarebytes.com/
I have no association with them, but their free download will pick up some browser-specific nasties that antivirus doesnt always catch.
MAYBE it was an exploit which was session-specific to whatever she was doing, and wont happen again.
Silver Gaia
(4,544 posts)It's very good. I'll recommend it to her. Thanks for reminding me how good it is.