DataBreaches.Net


Amway responds: “Our house has not been broken into”

Posted on May 14, 2009 by Dissent

Yesterday, I posted an entry about a recent breach reported by Amway Global that seemed essentially identical to a breach that they reported last year. I questioned whether Quixtar/Amway had correctly identified the source of the earlier breach and perhaps failed to address it. I had called Amway to discuss the breaches, but had not received any return call. Yesterday afternoon, Amway did return the call, and I put the question to them. Here is their response, in its entirety, which I received this morning, and I am pleased to give them the opportunity to explain and defend their security:

Amway Global is committed to maintaining the highest level of security and privacy of information submitted to its website.

The company has confirmed that individuals who are not account holders have accessed some accounts on AmwayGlobal.com using legitimate username and password information. This issue is not a breach of the IT security infrastructure of our site. Rather, somebody has obtained legitimate usernames and password information from another source – not from our website. In other words, our house has not been broken into, but someone has gotten their hand on the keys to a few rooms and used them to enter without permission. We do not know right now how this happened. One possibility is that users of our website are using the same username and passwords as they are using on other – possibly less secure – websites.

While this issue sounds very similar to one Amway Global experienced last year, we have not confirmed that it is. Last year, we did confirm the likely source of username and password information that was fraudulently tapped into in 2008 and were able to remedy the situation for our users and notify the other website of the security issue and how to address it on their own site. Last year’s issue also was not a breach of the IT security infrastructure of our site.

Amway Global has launched its own ongoing internal investigation into this issue and is working to determine the source of the problem. We also have alerted law enforcement authorities about this incident and will cooperate with any investigation they launch. In addition, Amway Global has contacted those whom we know have been affected to recommend remedies.

While we are working diligently to determine the source of this fraudulent activity, there are unfortunately limited measures that can be taken to block access to someone who has obtained legitimate username and password information through ill-gotten means. The best course of action is to follow best practices, which is why we encourage all Amway Global Independent Business Owners and their customers to create strong passwords unique to their Amway Global accounts and change that password frequently. Also, it is strongly advised that IBOs and customers run current anti-virus, anti-spyware on their home computers and keep their operating systems up to date. A good source of information to protect your privacy online can be found at http://www.ftc.gov/bcp/menus/consumer/tech/privacy.shtm.

© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.