Last weekend, and continuing on to earlier this week, Amazon sent password reset notifications to customers whose accounts were likely using recycled credentials. In somewhat related news, LeakedSource said on Tuesday they’ve added nearly 40 million hacked accounts to their database.
Starting last Saturday, Amazon sent the first batch of an unknown number of emails, warning customers that their passwords had been reset. The move was a proactive measure, taken after Amazon’s security team discovered a list of email addresses and passwords online.
“As part of our routine monitoring, we discovered a list of email addresses and passwords posted online. While the list was not Amazon-related, we know that many customers reuse their passwords on multiple websites. Since we believe your email addresses and passwords were on the list, we have assigned a temporary password to your Amazon.com account out of an abundance of caution,” the email states.
The email goes on to suggest – in addition to selecting a unique password that’s separate from any other domain – that customers enable two-step authentication as an added layer of protection.
Amazon didn’t share any details about the list where they discovered the recycled credentials, but a spokesperson confirmed to VentureBeat that the emails were legitimate, and encouraged customers to take action.
Given Amazon's discovery, recent news from LeakedSource is also worth a mention.
LeakedSource reported on Tuesday that they’re adding nearly 40 million new accounts to their database, and 33 million of them belong to the game Evony. The Evony dataset includes usernames, email addresses, passwords, IP addresses, and other internal data.
In addition to the 33,407,472 records from the main game database, an additional 938,000 accounts were also discovered; these came from the game’s forum, which was hacked in late June.
LeakedSource also added 18 other sets of compromised data to their collection, including CraftsForum.co.uk, Enworld.org, TheHackerParadise.com, Vbet.com, GEarthHacks.com, and AutoGeek.com.
The website also teased a future release that will contain about 40 million records, and referenced another data breach at Modern Business Solutions, which includes 52 million records.
The Modern Business Solutions data breach happened because of a misconfigured MongoDB instance, and was quietly fixed after Risk Based Security reported it via Databreaches.net.
However, the data contained within the exposed database was published over the weekend by a Twitter user who goes by 0x2Taylor.
“After analyzing the dataset, we can confirm that nearly 58 million records contain full names, IP addresses, dates of birth, email addresses, vehicle data, and occupations were included in the leak,” Risk Based Security explained in a recent blog post.
“Apparently the party that initially identified the open database on Shodan chose to share the IP address of the database with friends (instead of contacting the organization directly), ultimately resulting in the data being exported and dumped online.”