The e-mail sent to affected users said that the company had "recently discovered that your [Amazon] password may have been improperly stored on your device or transmitted to Amazon in a way that could potentially expose it to a third party," according to ZDNet. The messages said there was "no reason" to believe passwords were actually revealed to a third party and it was taking action out of "an abundance of caution."
Last week, Amazon.com started to offer two-factor authentication for customers -- a security measure that requires users to verify their identity through a second method, typically a code sent via e-mail or text message.
While the pre-Black Friday timing is less than ideal for Amazon, it's not the first time the company has reset customer passwords. Back in 2010, Consumerist reported that some customers had their passwords reset after the company discovered their e-mail and passwords were posted online. In that case, the company said password re-use by customers was to blame, rather than any leak from its own systems.