The exposure does not appear to be the result of a breach of Amazon's website or systems, and the amount of information exposed appears to be minimal, but the situation is still far from ideal. It's not clear if anyone accessed the exposed usernames and email addresses. If the information was scraped from Amazon by a malicious party, the leaked email addresses could be used to launch phishing attacks.

Amazon's disclosure of the breach is pretty unsatisfying. Even if the issue is relatively minor, as it seems to be, Amazon's email to affected users is very brief and short on details. It doesn't explain when the error occurred, how long information was exposed or if it was accessed by anyone. The company didn't even apologize for the problem.

Amazon's legit been sending out notices saying sorry we exposed your email address. Seems likely related to this https://t.co/21cRB2dHTk... Besides the brevity, what's giving people pause is they sign the email https://t.co/KDiteRFaeR Why cap the "a" and why no https://? Strange pic.twitter.com/mwty3GmCN1 — briankrebs (@briankrebs) November 21, 2018

Did anyone else get this email from @amazon ? I swear, if I get one spam email from this accidental disclosure of my email address, I am forwarding it to @JeffBezos pic.twitter.com/d1WKZVlxSa — Dwayne 🇦🇺 (@AbolitionOf) November 21, 2018

While the error that caused the leak may be fixed, Amazon has run into some issues lately with keeping user information private. Last month, the company fired an employee who was sharing customer emails. Earlier this year, it was reported that third-party sellers have approached Amazon employees and offered them cash bribes in exchange for internal data and email addresses of top Amazon reviewers.