Author Topic: Wait...What? Amazon email that my email address +  (Read 93 times)

0 Members and 1 Guest are viewing this topic.

Southern Jewel's Fab Finds

  • Administrator
  • Master Motivator
  • *****
  • Offline Offline
  • Posts: 17487
  • Southern Jewel's Fab Finds
    • Pinterest
    • View Profile
    • Southern Jewel's Fab Finds
Wait...What? Amazon email that my email address +
« on: November 21, 2018, 08:36:43 AM »
Hello,

We’re contacting you to let you know that our website inadvertently disclosed your name and email address due to a technical error. The issue has been fixed. This is not a result of anything you have done, and there is no need for you to change your password or take any other action.

Sincerely,
Customer Service
http://Amazon.com

I checked source on the email.
The IP and all info square up that it's from Amazon.
Email doesn't have Hello <insert business name> but that isn't always the case with communications from Amazon.
[ur=https://sellercentral.amazon.com/forums/t/nice-we-re-contacting-you-to-let-you-know-that-our-website-inadvertently-disclosed-your-email-address-due-to-a-technical-error/429577/27]Discussion on Amazon Seller Forums[/url]:

If a seller hasn't set up 2 step verification... this is the time.
Why didn't  they use the https as opposed to http (security issue?)
Also, for goodness sakes shouldn't this be sent through notification on the site... the message center.
Yep, I would've had a punch to the gut scare moment with a red flag, but gimme a break...they sent an email.

Wondering if I should change password, even though we're told not to.
GRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR!



Southern Jewel's Fab Finds

  • Administrator
  • Master Motivator
  • *****
  • Offline Offline
  • Posts: 17487
  • Southern Jewel's Fab Finds
    • Pinterest
    • View Profile
    • Southern Jewel's Fab Finds
Re: Wait...What? Amazon email that my email address +
« Reply #1 on: November 21, 2018, 08:54:01 AM »
Original Source:
It looks like it did originate within Amazon,

WHOIS Source: ARIN
IP Address: 54.240.13.33
Country: usUSA - Washington
Network Name: AMAZON-ASIA-SIN2
Owner Name: Amazon Data Services Japan
CIDR: 54.254.0.0/16
From IP: 54.254.0.0
To IP: 54.254.255.255
Allocated: Yes
Contact Name: Amazon Data Services Japan
Address: 11F Shibuya Cross Tower, 2-15-1, Shibuya-ku Shibuya, Tokyo
Email: ****************@amazon.com
Abuse Email: abuse@amazonaws.com
Phone: +1-206-266-4064

NetRange: 54.240.0.0 - 54.255.255.255
CIDR: 54.240.0.0/12
NetName: AMAZON-2011L
NetHandle: NET-54-240-0-0-1
Parent: NET54 (NET-54-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS16509
Organization: Amazon Technologies Inc. (AT-88-Z)
RegDate: 2011-12-09
Updated: 2012-04-02

OrgName: Amazon Technologies Inc.
OrgId: AT-88-Z
Address: 410 Terry Ave N.
City: Seattle
StateProv: WA
PostalCode: 98109
Country: US
RegDate: 2011-12-08
Updated: 2017-01-28
Comment: All abuse reports MUST include:
Comment: * src IP
Comment: * dest IP (your IP)
Comment: * dest port
Comment: * Accurate date/timestamp and timezone of activity
Comment: * Intensity/frequency (short log extracts)
Comment: * Your contact details (phone and email) Without these we will be unable to identify the correct owner of the IP address at that point in time.

OrgTechHandle: ANO24-ARIN
OrgTechName: Amazon EC2 Network Operations
OrgTechPhone: +1-206-266-4064
OrgTechEmail: ****************@amazon.com

OrgAbuseHandle: AEA8-ARIN
OrgAbuseName: Amazon EC2 Abuse
OrgAbusePhone: +1-206-266-4064
OrgAbuseEmail: abuse@amazonaws.com

OrgNOCHandle: AANO1-ARIN
OrgNOCName: Amazon AWS Network Operations
OrgNOCPhone: +1-206-266-4064
OrgNOCEmail: ****************@amazon.com

NetRange: 54.254.0.0 - 54.254.255.255
CIDR: 54.254.0.0/16
NetName: AMAZON-ASIA-SIN2
NetHandle: NET-54-254-0-0-1
Parent: AMAZON-2011L (NET-54-240-0-0-1)
NetType: Reallocated
OriginAS: AS16509
Organization: Amazon Data Services Japan (AMAZO-49)
RegDate: 2012-08-01
Updated: 2013-08-28

OrgName: Amazon Data Services Japan
OrgId: AMAZO-49
Address: 11F Shibuya Cross Tower
Address: 2-15-1, Shibuya-ku Shibuya
City: Tokyo
StateProv:
PostalCode: 150-0002
Country: JP
RegDate: 2012-08-01
Updated: 2014-07-01
Comment: The activity you have detected originates from a dynamic hosting environment.
Comment: For fastest response, please submit abuse reports at http://aws-portal.amazon.com/gp/aws/html-forms-controller/contactus/AWSAbuse
Comment: For more information regarding EC2 see:
Comment: http://ec2.amazonaws.com/
Comment: All reports MUST include:
Comment: * src IP
Comment: * dest IP (your IP)
Comment: * dest port
Comment: * Accurate date/timestamp and timezone of activity
Comment: * Intensity/frequency (short log extracts)
Comment: * Your contact details (phone and email) Without these we will be unable to identify the correct owner of the IP address at that point in time.

OrgAbuseHandle: AEA8-ARIN
OrgAbuseName: Amazon EC2 Abuse
OrgAbusePhone: +1-206-266-4064
OrgAbuseEmail: abuse@amazonaws.com

OrgTechHandle: ANO24-ARIN
OrgTechName: Amazon EC2 Network Operations
OrgTechPhone: +1-206-266-4064
OrgTechEmail: ****************@amazon.com

OrgNOCHandle: AANO1-ARIN
OrgNOCName: Amazon AWS Network Operations
OrgNOCPhone: +1-206-266-4064
OrgNOCEmail: ****************@amazon.com


still there's no excuse for not using an https instead of a http.

Southern Jewel's Fab Finds

  • Administrator
  • Master Motivator
  • *****
  • Offline Offline
  • Posts: 17487
  • Southern Jewel's Fab Finds
    • Pinterest
    • View Profile
    • Southern Jewel's Fab Finds
Re: Wait...What? Amazon email that my email address +
« Reply #2 on: November 21, 2018, 03:00:23 PM »
forwarded this email to spoof @ amazon.com
Reply:
 Thank you for writing to Amazon.com to bring this to our attention.

Your message has been forwarded to our security department, and we will investigate the situation.  Please note that you may not receive a personal response.

In all likelihood, the message you received was not sent to you by Amazon.com.  We strongly advise that you *not* send any information about yourself back to this individual (especially your credit card number or any personal information).

If you have already submitted any personal information to this person via e-mail or on a potentially fraudulent web site, you may wish to contact Customer Service for assistance.  To send an e-mail to Customer Service, please visit www.amazon.com/contact-us/

In the future, if you are ever uncertain of the validity of an e-mail, even from us, don't click on any supplied links--instead, type our web site address "www.amazon.com" directly into your browser and follow the regular links to Your Account.  Many unscrupulous spoofers mislead consumers by displaying one URL while taking the visitor to another.

By typing in a well-known address you can avoid this trick.

Also, please be assured that Amazon.com is not in the business of selling customer information. Many spammers and spoofers use programs that randomly generate e-mail addresses, in the hope that some percentage of these randomly-generated addresses will actually exist.

If you are trying to contact us about something other than a spoofed e-mail message, please contact Customer Service for assistance. To send an e-mail to Customer Service, please visit www.amazon.com/contact-us/

If you encounter any other uses of the Amazon.com name that you think may be fraudulent, please do not hesitate to contact us again.

Thank you again for taking the time to notify us of this situation.

 

Sincerely,

Amazon.com

  

Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf