HN-ers,
On checking out from Amazon today, one of the two recommended "recent shipping address" line items was not one I recognized.
On digging deeper, there does not seem to be any associated activity with this address; for example, there is no order on my account for which it was actually used. While it's certainly possible my account has been hacked (perhaps the most likely, and least concerning, option?), I have been able to identify the address owner (not hard, since I have full name and address!), and it seems unlikely that this is the case.
If this is not a hack, the only thing I can imagine is that somehow PII is leaking between accounts in this way. Amazon support is of course not able to help, for example providing information about orders or logins that might be associated with how that address got into my account.
I've reached out to the owner of the address, and to Amazon support. What next steps would you take here? Any ideas what might be going on?
Hope that Amazon Support does something anyway, but don't expect them to admit fault. I've had a handful of problems with AWS and only once did they come close to admitting that it was their fault.