Hacker News new | ask | show | jobs
by superflyguy 2759 days ago
Why would anyone care if you had their address, or email address? Why would Amazon be interested in going into details about an email address leak? Outside of a handful of people who get excited by every leak no matter what, nobody cares. It's an email address. You get some more spam maybe? Big deal.
4 comments
GiuseppaAcciaio 2759 days ago
Because Amazon leaking your email address means you are registered on Amazon; there is a high likelihood that you actually purchased stuff there, and therefore they have your address on file, and maybe even your credit card.

Since a lot of people re-use passwords, if your email is also contained in one of the countless breaches that we've seen cropping out in the last few years, there's a good chance that your Amazon account is using one of the pwned passwords: therefore Amazon's statement that people should not change their Amazon password is potentially harmful advice.

link
Angostura 2759 days ago
> nobody cares. It's an email address. You get some more spam maybe? Big deal.

Go on then... post your e-mail address.

link
speedplane 2759 days ago
People care because it begs more questions. Why is Amazon leaking email addresses? What part of their system is unsecure? Can we trust Amazon at all?
link
superflyguy 2759 days ago
Presumably because nobody cares about the security of email addresses. The part of their system which handles credit cards hasn't been shown to be compromised, but maybe Gmail's spam filter needs to work a little harder. (I've already spent longer writing this than I spend going through my spam folder each year)
link
speedplane 2751 days ago
If a company's user email list is hacked, how much harder is it to attack other information? Financial information (e.g., credit cards) usually get extra security, but plenty of other information is typically stored right next to email addresses (e.g., user behavior history, IP addresses, signup dates, pricing info, password hashes, friend connections, etc etc etc).

So whenever a company says that only their user email addresses were compromised and nothing more, I'm pretty skeptical of the validity of their assertions.

link
IncRnd 2759 days ago
> Why would anyone care if you had their address, or email address?

It's for the same reason that you don't post your name, address, and email address in a signature of your posts on HN.

link