Man entering a building with an Amazon pick-up location

“Amazon got hacked” messages are a false alarm

Amazon customers have been seeing a message on social media that has caused some alarm.

Most of the posts look like one of these (depending on the social media platform):

“PSA!! Amazon got hacked. For USA based people, check your Amazon account. Hackers added HUB lockers as your default delivery addresses. Remove it! I had 2 added to mine.”

Hub lockers are local secure places for people to pick up their Amazon order rather than risk them being left on a doorstep, so the concern was that someone could buy something on your account and then send it to the Hub locker to be picked up.

Here’s another similar post, this time saying the lockers were actually fake:

“PSA: check your saved addresses on Amazon. Amazon got hacked and a lot of people (including me) have random “Amazon lockers” saved in their addresses – which are not actual lockers. If you do use Amazon lockers, be sure to verify that the locker you’re sending it to is an actual locker.

Double check your order history and make sure there aren’t any orders you don’t recognize. And check your bank accounts to make sure your credit card on file is also not being used for unauthorized purchases. “

It’s not surprising that those messages would raise the alarm amongst Amazon’s customers, but thankfully the security alert is nothing to worry about.

The additional addresses are genuine Hub locations or other pick-up locations and they weren’t put there by hackers. Amazon added them in error.

As an Amazon spokesperson told Snopes:

This isn’t a data security matter and our systems are secure. Amazon pickup locations were added to a small number of customer accounts in error, and we are working to fix the issue. We apologize for any inconvenience this may have caused, and customers with questions about their account are welcome to contact customer service.

Things like this are tricky – on the one hand we are always pleased for people to share security issues and alert others to potential problems. However in this case it appears as though people were forwarding the message without first checking if it was, in fact, a real issue.

And nowadays with social media and instant messaging, rumours like these can spread fast. All it takes is some panic, little research, and a lot of contacts.

If you see a message like this, always do a bit of research before forwarding it on. Sites like Snopes allow you to search for keywords and you’ll find a lot of hoaxes including this one.


We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.