Amazon Spain denies breach after hacker claims to leak data of over 5 million users

Amazon Spain has firmly denied allegations that a massive trove of personal data circulating on the dark web belongs to its customers, following claims by a hacker that information from over five million users had been compromised.

The claims surfaced on May 28, when a cybercriminal operating under the alias “Vaquilla” alleged they had leaked sensitive personal data from Amazon Spain. The information, reportedly affecting more than 5.1 million individuals, included full names, Spanish national identity (DNI) numbers, email addresses, home addresses, and phone numbers. The data was initially posted on a public online forum and later shared widely on social media by accounts including HackManac, which specializes in tracking leaks from the dark web.

In response, Amazon issued a statement asserting that there is no indication of a security incident within its systems. “While we continue to investigate, we have found no evidence that Amazon has experienced a security incident and our systems remain safe,” the company said.

Amazon Spain rejected any connection between the leaked information and its customer base. The company pointed to key discrepancies in the data as evidence, specifically noting that it does not request or store customers’ DNI numbers, one of the core identifiers included in the leaked files. This, Amazon suggested, supports the possibility that the data may have originated from a different company altogether, potentially in an incident dating back to around 2020.

Despite Amazon’s denial, reports and screenshots shared on social media platforms have intensified speculation about the legitimacy of the breach. Users have claimed that the data includes comprehensive personal information, such as names, email addresses, telephone numbers, full residential addresses, and regional location details. The sheer volume and specificity of the information have raised concerns about potential privacy violations and the risk of identity theft, phishing, and other cyber threats.

The alleged breach, if substantiated, could have serious implications in Spain, where Amazon maintains a significant market presence through its Amazon.es platform. As one of the leading e-commerce platforms in the country, Amazon Spain processes vast quantities of user data daily. While no financial information is reported to have been leaked, the exposure of personally identifiable information alone poses potential security and privacy threats.