Like many owners of domain names, I have the luxury of a 'catch-all' mailbox to handle anything@mydomain.name. I use a different email address for every online service/vendor, which allows allows me to see if there was a breach of privacy policy. Imagine getting an email from Barnes & Noble addressed to eftps_nospam@mydomain.name (EFTPS is the federal government online filing/payment system I use for paying payroll taxes).
That said, yesterday I started getting spam addressed to an email address that is reserved for my Amazon.com account. That means either the database has been compromised or they've sold the email addresses. Because that email addr is my login ID, the latter is highly unlikely.
I don't know anything about computer security but at the least I would recommend that any of you with Amazon accounts change your email addresses and passwords. Perhaps a Candleblog reader with a strong grasp of the subject might advise us further.
In the meantime, I contacted Amazon, who said "don't open phishing email". Great. Either there's a conspiracy afoot to pretend like it didn't happen or the level of ineptitude is pretty fucking high. I'm going with the latter.
Too bad I like their service.