- A cybercriminal claims to have put up for sale the personal data of 5,1 million users allegedly linked to Amazon Spain.
- The information provided includes names, ID numbers, addresses, phone numbers, and email addresses.
- Amazon categorically denies that the data belongs to its customer base and maintains that its systems remain secure.
- The threat is being investigated, and experts recommend extreme caution regarding potential scams and fraud.
In recent days, news has circulated strongly about a alleged massive data leak of Amazon Spain usersIn response to the alarm, the company and cybersecurity specialists have made their positions public, while users remain cautious and expectant about the possibility that their personal information has been exposed.
The situation was triggered when a well-known profile in the field of cybersecurity, HackManac, issued an alert about the sale of a supposed data package of more than five million users. The information put up for sale on the dark web would include Full names, ID numbers, addresses, emails and phone numbers, data that could potentially be used for fraud and personalized attacks.
Where does the threat come from and what is being offered?
The origin of the alert is located in an anonymous message published on the dark web by an actor known as HeiferThis cybercriminal claims to have compiled a Database containing the personal data of 5,1 million alleged Amazon customers in Spain, obtained between late 2024 and early 2025. To negotiate the purchase of this information, the actor provides a contact on Telegram.
According to what has been leaked, the information would contain identifying details of users distributed in various cities in the country. Everything indicates that this sample has been shared with the media and cybersecurity experts in an attempt to verify its legitimacy. Some are raising concerns that this data could allow for campaigns of phishing, identity theft or fraud directed.
Amazon's official position: secure systems and mismatched data
In response to the news, Amazon has been categorical in its public and private communications. The company emphasizes that, after carrying out a thorough internal investigation, no trace has been found from unauthorized access or leakage from their own systems.
In addition, they claim that The analyzed data sample does not match your customer records, and they insist that the DNI is not a piece of information they routinely request from buyers, reinforcing the idea that the information could come from another source.
In statements to various media outlets, Amazon spokespersons have highlighted: “Our ongoing investigation has found no evidence that Amazon experienced a security incident, and our systems remain secure.”The company also emphasizes that it takes preventive measures and that user security and privacy are a top priority.
What do the experts say and what are the risks?
The cybersecurity sector warns that, although the authenticity of the data package remains under suspicion, Threats of this type are common and should always be taken seriously.Experts warn that personal data, even if it doesn't include financial information, can be used for fraud, phishing emails, phishing calls, and scams seeking to obtain even more sensitive information, such as passwords or bank details.
In this context, the general recommendation is maintain caution in the face of any suspicious communication- Avoid providing personal information to strangers over the phone or by email, and always verify the authenticity of communications that report issues with accounts or passwords.
Precautionary measures and reaction
Amazon has reminded its customers that if they detect any anomalous activity, The company will contact you directly to confirm whether the movements or accesses have been made by the user himself.Additionally, as a precaution, it's always a good idea to change your password periodically and enable two-step verification to protect your account from unauthorized access.
Users can also review their personal information registered in their Amazon account, verifying that the address, phone number, and payment methods are correct. If any anomalies are detected, It is advisable to modify it immediately and contact customer service..
The incident highlights the importance of protecting our data and remaining alert to fraud or identity theft attempts that could take advantage of the alarm generated by news like this.
I am a technology enthusiast who has turned his "geek" interests into a profession. I have spent more than 10 years of my life using cutting-edge technology and tinkering with all kinds of programs out of pure curiosity. Now I have specialized in computer technology and video games. This is because for more than 5 years I have been writing for various websites on technology and video games, creating articles that seek to give you the information you need in a language that is understandable to everyone.
If you have any questions, my knowledge ranges from everything related to the Windows operating system as well as Android for mobile phones. And my commitment is to you, I am always willing to spend a few minutes and help you resolve any questions you may have in this internet world.