Skip to main content

Amazon resets recycled user passwords out of precaution

In an effort to protect its customers, Amazon has sent out password reset notifications to all of its users who were likely using recycled credentials to access the site.

Last Saturday, the company began to send out the first of many emails warning customers that their passwords had been reset. Amazon decided to take proactive measures after its security team found that a list of email addresses and passwords had been leaked online.

The company's security team reassured customers in an email in which they explained their reasoning behind resetting some user passwords, saying: “As part of our routine monitoring, we discovered a list of email addresses and passwords posted online. While the list was not Amazon-related, we know that many customers reuse their passwords on multiple websites. Since we believe your email addresses and passwords were on the list, we have assigned a temporary password to your account out of an abundance of caution.”

Amazon also suggested in its email that users should not only use a unique password for every website they visit but that they would be even safer online by enabling two-step authentication as an added layer of protection. The company did not release any additional information regarding the list or where they discovered it but one of its spokespeople did confirm that the emails were legitimate.

Amazon's decision to reset user passwords comes on the heels of an announcement by the database LeakedSource, which has recently added 40 million new accounts to its collection of leaked credentials. The most recent data leak to the site comes from the game Evony that had 33 million user accounts hacked which provided cybercriminals with their usernames, email addresses, passwords, IP addresses along with other internal data.

18 other sets of comprised data was also added to LinkedSource's database from a number of sites including,,,, and

The site also revealed that it will soon be releasing a data set containing around 40 million records along with data from the Modern Business Solutions leak that contains 52 million records.

The sheer amount of leaked credentials available on LeakedSource is reason enough to drive home the point that a unique password should be used on each site one visits and that two-factor authentication is quickly becoming a must in order to stay safe online. 

Image Credit: Ken Wolter / Shutterstock

Anthony Spadafora
After living and working in South Korea for seven years, Anthony now resides in Houston, Texas where he writes about a variety of technology topics for ITProPortal.