Under normal circumstances the Amazon data breach risk is kept to a minimal level. The global online retailer is estimated to have generated $38.42 billion in gross profits between September 2014 and September 2015, and such deep pockets mean the company can invest heavily in cybersecurity protections.
With a company as large as Amazon, excellent data breach risk management strategies are essential. The company is a huge target for cybercriminals and a successful cyberattack has potential to make a dent in its profits. If customer data are obtained by criminals, those customers may choose to buy from an alternative retailer in the future.
Amazon data breach risk discovered in time to prevent a successful hack?
This week, a security scare has forced the company to reset some users’ passwords. It is not clear whether a data breach has actually been suffered, but the retailer certainly believes the risk to be credible as Amazon passwords were not requested to be changed. The company forced a reset.
Amazon.com announced that this was “a precautionary measure” to prevent a cyberattack from occurring. The company believes passwords were “improperly stored” or had been transmitted to the company using a method that could “potentially expose [the password] to a third party.”
The company has sent emails to all affected account holders advising them that they will need to specify a new password when then next login. No announcement was made about the number of users affected.
This is not the first time that Amazon has had a major security scare. In 2010, hackers managed to break through its security defenses and compromised a number of user’s passwords. In that instance, users were warned that their accounts had been compromised.
The Amazon data breach scare could affect more than just your Amazon account
It is not clear whether passwords were actually obtained by a third party. Because of the doubt surrounding the reason for the forced change, any individual that receives an email telling them their password has been reset should also change their passwords on all other online accounts if the accounts can be accessed using the same password.
Many consumers share passwords across multiple platforms, but password sharing is inadvisable. Many online accounts use an email address as the login name. If a password is shared across platforms, one data breach could result in all user accounts being compromised.
Amazon data breach risk management: Two-factor authentication now added
One of the easiest ways to improve protection is to introduce two-factor authentication. Many companies only insist on one factor to authenticate users: A password. Two-factor authentication involves an additional element to verify that the person attempting access is the genuine account holder.
Many global companies have now introduced two-factor authentication; although some have only done this recently. In some cases, the additional security measure was deemed necessary after a data breach was suffered. Twitter being one of the best examples. Google uses two factor authentication for its accounts, as does Facebook. This month, Amazon data breach risk management policies were changed to include two-factor authentication on user accounts. It is not clear why it took the company so long to introduce this enhanced security measure. All users should add it, especially in light of this recent security scare.