I received a (valid) security email from Amazon.com which troubled me a bit (see below)......What really bothered me was the bold printed statements on the first paragraph. I replied to that email and hi-lighted that paragraph asking them specific questions on that (why are they monitoring, how do they know what passwords I've used at other sites etc....).
 
More people snooping into my boring life......
 
 
 
 
 
 
"Hello,

At Amazon we take your security and privacy very seriously. As part of our routine monitoring, we discovered a list of email address and password sets posted online. While the list was not Amazon-related, we know that many customers reuse their passwords on several websites. We believe your email address and password set was on that list. For your security, we have assigned a temporary password to your account.

You will need to reset your password when you return to the Amazon.com site. To reset your password, click "Your Account" at the top of any page on Amazon.com. On the Sign In page, click the "Forgot your password?" link to reach the Amazon.com Password Assistance page. After you enter your email or mobile phone number, you will receive an email containing a personalized link. Click the link from the email and follow the directions provided.

Your new password will be effective immediately. We recommend that you choose a password that you have never used with any website.

Sincerely,

Amazon.com"

Hi,
 
I have a feeling my time getting anything at Amazon ... is at an end!
 
I would check the headers, but that as good a phishing email as I have ever seen!
 
Amazon and many other websites, for example, Musician's Friends has all their items also on sale at Amazon and eBay, share the information, but I always thought that it was based on the IP address from your browser, not the email address on the account ... because if it was, then Musician's Friend, and Amazon are abusing the information, because most times you visit you do not login .. it remembers you by IP, not login, if you did not do so ... thus, the information itself is being given some false information, that it doesn't do this or that, when it does! AND likely DID!

One technique I've discovered to avoid all of these types of things is to be so broke that you can't buy anything.  I'm not saying I'd recommend it, but it keeps me off all websites that sell stuff! 

craigb
One technique I've discovered to avoid all of these types of things is to be so broke that you can't buy anything.  I'm not saying I'd recommend it, but it keeps me off all websites that sell stuff! 

That has never stopped me.

bapu

craigb
One technique I've discovered to avoid all of these types of things is to be so broke that you can't buy anything.  I'm not saying I'd recommend it, but it keeps me off all websites that sell stuff! 

That has never stopped me.

That hasn't stopped me either.....I'm broke and Amazon's still sharing my info. Most of the sites I visit are all audio related and I don't even go into the shopping section (mostly the free stuff.....which of course I still have to register).

craigb
One technique I've discovered to avoid all of these types of things is to be so broke that you can't buy anything.  I'm not saying I'd recommend it, but it keeps me off all websites that sell stuff! 

I'm probably done buying things anyhoodle ... so I'll make sure that the CC information is removed at Amazon and such ... but the card listed in there is at zero, and Columbia Credit Union is on guard, for anything coming through there, spoof'd or not. I keep the card at zero, so it's easier to spot.
 
So far it's been fine ... but the ability to buy something in Europe is messed up ... I can not buy a book in Germany because the author is an idiot and does not know how to sell a book in Euros ... go figure!

Moshkito
 I can not buy a book in Germany because the author is an idiot and does not know how to sell a book in Euros ... go figure!

Moral of the story: you shouldn't read books by idiot authors.....you might end up what you read?

Amazon did not say that they found your password for another site in a cache of stolen passwords. they said they found your Amazon email+password there. Since they are not saying that the pair was stolen from Amazon, the assumption is that they checked the pair against passwords stolen from another site, found a match in their database for your Amazon account and concluded that you had used the same pair on the account for the website that was actually hacked. Since they correctly assumed that this would be too big a coincidence they concluded that you must have somewhat foolishly used the same password on at least one other site. Hackers could conclude the same and start using the stolen password on every other site on the internet even if they did not know you had an account there, and so your Amazon account could be accessed by a hacker. They wisely and generously changed your shared password, hopefully before the hackers got around to logging in to your Amazon account.
 
All Amazon had to know was:
Your Amazon account email and password
The fact that the same email and passwords were in a public list of compromised passwords
They did not need to know anything about any other web account you held. 

Yeah, Mesher. Reads to me like Amazon was made aware of a list compiled and distributed by hackers that included your amazon email and PW so they changed your PW for your protection.
 
I could be mistaken on that.
 
It does seem like they did you a solid and if I wuz you I'd be scurryin' like a mofo to secure all my other accounts.
 
However... amazon (I think) and other similar sites do use "cookies" and the like to track what sites you visit to better personalize the crud they try to sell you.
 
I use NoScript in my browser which blocks and exposes tons of tracker scripts on various sites. Generally I only allow the scripts that are absolutely necessary to make a site work properly and when in doubt I google search ones I don't recognize. Most are trackers/adservers/etc.
 
Sneaky buggers.

PS:
 
Do NOT click any links in any emails to change passwords and the like. Manually type the website address into your browser (or navigate to it in a way you can be sure you are not visiting a spoof site), manually log into the site and THEN change any info as needed.
 
I'm sure you know this but it's worth repeating.
 
In this case you can even call Amazon to verify what's up. They do have a phone number... although they do bury it as much as possible.