According to reports, a change in how wishlists functioned meant that instead of showing general information – such as city or country – the system could display the exact delivery address linked to a user’s account. In practice, this meant that someone viewing another person’s wishlist might see the recipient’s full address details, even though they should not have had access to that information.
The issue quickly gained attention on social media, where users warned that their data may have been unintentionally exposed publicly. In privacy contexts, such incidents are often referred to as “doxxing” – the unauthorized disclosure of personal information.
It remains unclear how widespread the issue was or how long the feature operated in this way. It is also not known whether it affected all regions or only specific versions of the service. As of publication, Amazon had not provided a detailed explanation of the situation.
Data protection experts note that even a short-term exposure of an address can have consequences, as information displayed online may be saved, copied, or further shared. In the case of gift-related features, the expected standard is that address details remain visible only within the order fulfillment process and are not publicly disclosed.
If you have used the Amazon Wishlist feature, you should review your privacy settings as soon as possible and verify what information is visible to others. A recommended best practice is to set all wishlists to private to reduce unnecessary risk. If in doubt, contacting Amazon customer support is advisable.