If you’ve noticed some strange occurrences on your Amazon account lately, you are not alone. According to Snopes, claims of Amazon being hacked have gone viral on Facebook. The posts suggest that criminals have been adding new mailing addresses to Amazon accounts and then fraudulently labeling them as legitimate alternative pickup locations such as Amazon Locker+, Amazon Hub Locker, Amazon Fresh, and Amazon Counter.
Unlike most Facebook rumors, this one isn’t a baseless conspiracy theory. Several members of BGR’s staff, myself included, checked our Amazon accounts and found similar unexpected new additions on our address lists. So, did criminals gain access to our accounts and add these fake addresses to ship themselves goods on our dime?
Thankfully, that doesn’t appear to be the case.
Snopes directed readers to a Reddit thread where Amazon users were discussing the potential breach. Dozens of users believed they were victims of a hack, but when they dug a little deeper, they were able to solve the mystery. One user explained that they deleted the new address, put an item in their cart, went to checkout, and then deleted the item. When they checked the list of addresses, the same Amazon pickup location had reappeared.
“Just reproduced it myself,” said a second Redditor. “Definitely a bug/feature […] maybe it adds one sort of near a delivery address we’ve used as a placeholder it swaps for the one you select if you decide to pick up. I’m not worried.”
Snopes also reached out to Amazon about the issue and received the following response: “We have no evidence of a security event at Amazon and our systems remain secure. Customers who have questions about their account should contact customer service.”
UPDATE | Dec. 11: On December 8, Amazon shared the following statement with Snopes confirming that there was no data breach or hack:
This isn’t a data security matter and our systems are secure. Amazon pickup locations were added to a small number of customer accounts in error, and we are working to fix the issue. We apologize for any inconvenience this may have caused, and customers with questions about their account are welcome to contact customer service.
It’s unclear how long it will take to fix this issue or whether or not those impacted will be notified when it is fixed. On my own account, I still see an Amazon Locker and an Amazon Counter that I did not manually add to my list of addresses (though I have used both locations). If and when Amazon shares any further details, we’ll be sure to pass them along.
The rest of the original article follows below.
At this point, there are two potential explanations that make the most sense:
- Amazon failed to detect one of the most significant security breaches in its history.
- These locations are automatically being added by Amazon intentionally or due to a bug.
While the former would certainly be shocking and newsworthy, the latter is far more likely. With that said, there is no explanation from Amazon at the time of writing. This is obviously unnerving people, so it would be helpful if Amazon could share a statement. Otherwise, Facebook is going to continue to fan the flames of the conspiracy theories.
In the meantime, you can check your addresses by going to Amazon, hovering over Account & Lists, and then going to Account > Your Addresses. Or just click on amazon.com/a/addresses. Don’t be surprised if you see an Amazon Locker or two.
This also wouldn’t be a bad time to change your password and set up Two-Step Verification. If a hacker ever does attempt to access your account, this will make it far more difficult for them to gain access and start making fraudulent purchases.