by graystevens 3210 days ago
Rather than a direct breach of Amazon, I suspect this has been a successful credential stuffing attack.

Credential stuffing/washing is taking a dump from a previous breach, such as those listed on 'haveibeenpwned.com', and trying them against a whole host of websites. This often works wonders as people re-use the same password elsewhere.

This is different to what people refer to as 'brute forcing' an account, where they would target one specific account and try multiple passwords. This is easy to pick up and block. However, credential stuffing on an individual user level is less obvious. You could look at login attempts per IP, but they often utilise open proxies or Tor to help avoid being detected.

Was your password unique to your Amazon account? And by unique I mean no re-used terms and no tweaking of just the numbers at the end etc., e.g. hunter2, hunter2017.
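To make the detection point in the comment above concrete, here is an added example (not from the commenter or from Amazon) that runs three simple heuristics over a constructed login log: a per-account failure count that catches brute force, the per-IP view that credential stuffing spread over proxies or Tor slips past, and a fleet-wide "many accounts, one attempt each" signal that still fires. Event shape, thresholds and IP ranges are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample login events (not real traffic): (source_ip, account, succeeded)
EVENTS = []
# Brute force: one IP hammering one account with many password guesses.
EVENTS += [("198.51.100.7", "alice", False)] * 8
# Credential stuffing: thirty accounts, one try each, every try from a different IP
# (modelling open proxies / Tor). Roughly one in five succeeds because the password was reused.
for i in range(30):
    EVENTS.append((f"203.0.113.{i}", f"user{i}", i % 5 == 0))
# Normal background noise: a typo followed by a good login, and one clean login.
EVENTS += [("192.0.2.1", "bob", False), ("192.0.2.1", "bob", True), ("192.0.2.2", "carol", True)]


def brute_force_accounts(events, min_failures=5):
    """Classic brute force: many failed attempts against a single account."""
    fails = Counter(acct for _, acct, ok in events if not ok)
    return sorted(a for a, n in fails.items() if n >= min_failures)


def noisy_ips(events, min_accounts=5):
    """Per-IP view: one source touching many distinct accounts.
    Returns nothing here, because the stuffing traffic never reuses an IP."""
    accts = defaultdict(set)
    for ip, acct, _ in events:
        accts[ip].add(acct)
    return sorted(ip for ip, s in accts.items() if len(s) >= min_accounts)


def stuffing_signal(events, min_accounts=20, max_attempts=2):
    """Fleet-wide view: accounts seen with at most `max_attempts` tries in the window.
    A surge of such one-shot accounts with a high failure rate is the credential
    stuffing fingerprint even when no single IP or account stands out."""
    per_acct = Counter(acct for _, acct, _ in events)
    one_shot = {a for a, n in per_acct.items() if n <= max_attempts}
    fails = sum(1 for _, acct, ok in events if acct in one_shot and not ok)
    attempts = sum(per_acct[a] for a in one_shot)
    ratio = fails / attempts if attempts else 0.0
    return {
        "one_shot_accounts": len(one_shot),
        "fail_ratio": round(ratio, 2),
        "suspected_stuffing": len(one_shot) >= min_accounts and ratio > 0.5,
    }


if __name__ == "__main__":
    print("brute force on:", brute_force_accounts(EVENTS))
    print("noisy IPs:", noisy_ips(EVENTS))
    print("stuffing signal:", stuffing_signal(EVENTS))
```

The successful one-shot logins are the ones worth alerting on: a password reset or step-up challenge for those accounts limits the damage even after the login went through.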


There are more posts on social media about the breach now. There was no interaction with Amazon.com at all; I tried to log in to Amazon.com minutes after receiving these two emails. The result shows the account does not exist on Amazon.com anymore. Again, I didn't click any link, it just happened.

>This often works wonders as people re-use the same password elsewhere. Was your password unique to your Amazon account?

I really doubt it. The way the password was managed and used on this Amazon account is HackerNews-approved.