Years ago I bought my dad an Audible subscription, but because it was a gift I signed up with my email address and then changed it to my dad's address on his birthday. Somehow I ended up inside his Amazon account because I used his email address. I guess some of the backend logic is hard to get right the first time.
Another time I was talking to a credit union CTO who was dealing with someone blocking other people's account access by picking a random account number and making 3 bogus guesses to lock them out. At the time the credit union had a policy that required calling them to unblock... which was a PITA on weekends when people need money.
Speaking of Amazon's account process, I have a really annoying problem with theirs. Apparently I somehow managed to create two amazon accounts with the same email address, but different passwords. They have different order histories and addresses and everything, but the account name is identical. It sometimes makes it confusing to tell why an order I placed hasn't shown up.
Interestingly, I can't change the password on one account to the password of the other account. The attempt fails. Which is... somewhat concerning.
This was considered a feature back in the day; it was called MASE - Multiple Account, Same Email. I'm pretty sure you can just change the email on one of them to get out of that state.
The way it was explained to me: originally, Amazon didn't want there to be any barriers to someone making a purchase on the website, not even the barrier of having to reset a forgotten password. So the choice was made to allow people to create new accounts with the same email address (such as when attempting to check out; that's when this would likely happen). Each account was distinguished at login by its email + password combination.
It was indeed called "Multiple Accounts, Same Email", though I only heard that term applied to it much later (after the phenomenon of these accounts was identified as a problem that the company needed to resolve). I don't think it was exactly what I'd call a feature, in the sense that I don't think anyone expected users to do it intentionally, so much as it was "We don't want to lose a purchase to someone getting stuck at the login screen".
The Web and its users have evolved significantly since those early days, and resetting a password by email is no longer the barrier it once was. Among other reasons: web users are savvy to the idea of having accounts, which was not true in Amazon's early days; and email is a lot faster and more reliable now.
Allowing multiple accounts to share an email address proved to be a problematic decision later on for a number of reasons. Amazon doesn't allow this any more, at least not from the primary sign-in screen; it gives an "Email address already in use" error.
Microsoft have a similar problem relaterade to them merging a lot of services but not accounts. I have an old Xbox Live account on my Xbox 360 which I can’t reset the password for since the email/username was the same as for my Skype account and my Hotmail/MSN account back in the days. This mess is still causing me tons of problems anytime I try to log in to something Microsoft related.
Back in the late 90s, there weren't a ton of free email services and most people used an account from their ISP. Extra accounts were hard to come by. If you had a family sharing an internet connection, they might very well share an email address too. This let them have individual Amazon accounts.
So I have an amazon.com and amazon.in account. The latter one is my main account but the former one I created to redeem a gift card I got from a survey.
Seems more like an artifact of Amazon having enabled global logins late into product development than a "feature" to me.
Are you sure it's two accounts? I am using the same login on two different Amazon sites as well, but I'd call that SSO more so than "two accounts on one email address", since all data is separated by country, but the email and password are the same.
Personally I use the + feature on email addresses to achieve this.
me+folder@example.com
Maps to the account me and will (if configured correctly) put the mail in a folder called folder if such exists.
The reason you might want many accounts with the same email seem many to me if you don't realise that you can create arbitrary distinct emails this easily.
Yes, that's exactly what plus addresses exist for!
It seems to me like all benefits of the "exact same email, multiple accounts" feature are vastly outweighed by the inconvenience for users simply forgetting that they already have an account, and creating a second one by accident that way.
I mean, even I end up almost creating an account by accident every now and then (mostly on sites using the horrible "signup is the default, login needs one additional click" pattern), and I do so using autofill from a password manager!
Indeed! And even worse, some services will happily accept "+" in email fields, but then some part of the service fails to encode the "+" sign correctly, so some features may be broken in unexpected ways.
Sometimes you can't even contact Customer Services because "your account doesn't exist" (because you cannot feed the correct email address to their customer service site).
Thankfully it's rare, but when it happens it's extremely infuriating.
Just so you know, that plus-hack is by no means universal (in addition to the frustrating “you can’t use a plus sign” thing you’ll encounter at various email fields around the net).
Gmail supports it. Microsoft does not. Neither does Yahoo/AOL. It likely was not widely supported in the 90s either. It’s a nice hack but it doesn’t solve every problem.
You are not alone!!! I am in the exact same situation. I've told this to so many people and no one believes. I'm stunned I stumbled on this. Small world
Is it possible that one account was created using an email address and the second account using a phone number, and then some where down the line each account got updated with the missing information so that now both accounts look identical?
I had a similar issue when I created two accounts on different regions using the same email address, then Amazon started operating in my country and they started redirecting one of the accounts to my country, leaving me with a mess of two accounts that would randomly connect to three different regions.
It was really annoying as I would login on my browser to one account normally, but when I ordered an Amazon stick, it came with a different account from a different region preinstalled and would complain I didn't signed up for Prime.
I ultimately fixed the issues by manually changing the email on each account to a different address, but it was very confusing until I figured out what was happening.
Oh well, not Amazon but I got stuck in the ecommerce of a large shop chain. I can't register because they tell me I already have an account. So I use that email to recover the password but I can't because the account must be activated. So I ask for an activation link but I can't because that account doesn't exist. I guess they have different databases or microservices taking care of different steps of the registration process and something crashed at the wrong time and my overall record is inconsistent. I gave up a couple of years ago. I buy from them when I go to one of their physical shops.
Holy crap I did this this on accident when I tried signing up for an Alexa skill in the Alexa app and accidentally created a new account with same Amazon.com email address, then got flagged for suspicious activity cause I was on a VPN and got blacklisted. It took so many calls for customer support to acknowledge there was even an issue and they still told me to just use a different email in the end. I was passed and just made a new Amazon account with the original email address, but simply added a period in the middle and still use it while locked out of the other original account. It’s bonkers lol
I have no idea if this would work and don't want to risk messing it up for myself, but have you tried changing (one of) the account emails?
On the website go to the Your Account page ("Account & Lists" dropdown -> "Your Account" section -> "Account" link, which goes to https://www.amazon.com/gp/css/homepage.html ) and click "Login & security" to get to it. Same place you'd update your password/etc.
Maybe that would work, but I'm also concerned about messing something up. In particular, tripping some bot detection/account duplication algorithm and getting my account banned and all its content gone. I'll suffer the small annoyance rather than risking the black swan disaster.
I wouldn't worry about that. I've had multiple Amazon accounts (with different emails!) going back many years. Never been an issue. They even make it easy to switch between them with the "switch accounts" function.
I've done this, but I was pretty sure I managed to have both accounts with the same password at that point in time. On the plus side, you can change email addresses, so now I have amazon@ and amazon2@ and all is sensible again.
They're on the same TLD; amazon.com. I assume they were merged from some service Amazon bought and combined user accounts with, but I honestly am not sure.
Someone with my name bought a new iPhone in Bismarck, ND last week. They gave AT&T my iCloud email address which is firstname.lastname. An honest mistake, I guess.
AT&T dutifully asked 'me' to confirm my email address. I did not.
Aaaand... now I still get all of his account email. So what's the point.
I've been struggling with this for years - but with a fun twist. My gmail address is first.last, and someone in the UK keeps using it - but they do not have remotely the same first name, and they don't spell their last name the same as I do (the single-L in my username here is a less common deviation, their surname is the more common variant).
Years. I've closed netflix accounts, I've sent them sms from their telco's webtext portal asking them to stop, and still there's a koneill out there who is very, very confused about why his email doesn't work. I know where he lives, I know what pizza he ordered, I know his name, his phone number, I just don't know his email address. And apparently, neither does he.
The number of services that fail at email validation (or keep sending you reminders, forever, that you haven't validated), blows my mind. For such a simple process, that seems to exist on every single service I (and koneill) sign up for, it has a surprisingly low rate of successful implementations.
There is a woman in another state that must have a gmail address very close to my wife’s. We know when this woman gets Botox, how much she pays for her kids dance lessons (a lot!), and so much more. You would think she would realize at some point, but it has been years and my wife still gets so much of her mail.
I used to get email for a guy in California when he would buy something from Harbor Freight, rent a movie from Redbox, or order a pizza. Those started tapering off about a year ago, so he must have figured it out.
The strangest one was I was receiving email for a colonel in the US Army! For a few years I kept getting these group emails to all these army officers about upcoming training exercises. I thought about replying to let them know they shouldn’t be sending them to me, but was worried about getting in trouble, so never did. They continued for years, but finally stopped. I always wondered if the guy had a .mil address and accidentally used gmail.com.
I have a similar problem. I have a half dozen different people sending their emails to my gmail account. One of them is a woman who signed up my address for her health care provider, and they're quite liberal with what kind of detail they're willing to put in an email. I tracked her down on Facebook and mentioned it to her, and she seemed to get that it was a problem she might want to solve, but to this day I still get all those emails.
In retrospect I should have chosen g6adfs789zg2@gmail.com or something.
As dysfunctional as the legal system seems to be at times, I'd be pretty surprised if she could find a lawyer willing to try that. At the very least, she'd half to pay a fair amount out of pocket just to initiate the suit, and this is someone who already hasn't shown much persistence in just getting the email address corrected with her provider.
A lawyer would presumably tell her that a case against me would certainly fail, and the healthcare provider has much deeper pockets. Go after them.
> How does it work for a paper mail - from what I understand it could be illegal to open any letter originated to some other person's name.
This is a federal law called "Obstruction of Correspondence" and it is fairly specific to USPS mail. It applies to letters & packages that are either in a postal facility (including the mailbox) or have transited through it. It does not apply to email.
for paper mail here in Canada I just see it's not for me, mark a line though it and write "Return to Sender, no longer at address". Then it gets put in the outgoing mail system (a slot where I receive my mail, or could also take it directly to any standing postal box, or the post office). Then it goes back though the postal system (for free) to originating sender in most cases.
For anyone else who runs across this, in the US you want to also put a line through the bar code at the bottom of the letter, so it cannot be scanned. Once a piece of mail gets that code, the post office stops reading anything else on the letter and just delivers the mail to where that code says it goes. So you can toss it back in an outgoing slot with 'return to sender' on it as many times as you like, and they'll just return it to you. Until you get lucky and the mail carrier sees it when gathering up the outgoing mail, and helpfully obscures that barcode for you.
Yep, very similar situation here. I get a lot of email for two different people, one in Texas and one in Leeds.
I also started getting a ton of spam from some cell phone retailer in Jakarta - someone used an email address of mine to sign up for a SIM, it seems, and unsubscribing from their crapflood is behind a password, assuming they'd even honor it. I blackholed their mail server at mine, but that doesn't scale.
And I get an endless stream of "a lot has happened since you last logged in" any time I un-blackhole Zuckerbook, and I've never used them.
At this point, every commercial entity I do business with gets a unique email address so I can turn them off. But that doesn't stop the confused/stupid/malicious from using them.
If I can find the time, I've been wanting to write a new milter-type tool to make it much easier to control which mail servers I'll talk. Yes, this is how SMTP dies. But at least it will be usable for me in the mean time.
I got a gmail invite pretty early and choose a single Spanish word that's the equivalent of John.
I'm the recipient of bank statements, cell phone statements, medical information, invitations to parties, and answers to HOA complaints. But more than anything, I'm the world's most prolific subscriber to dating websites, and my taste covers the whole spectrum and back.
I keep using the email address to use for low importance stuff. It's also a good way to see that clicking "Unsubscribe" actually works. Or better, the Spanish equivalent: "Darse de baja". I know the words very well.
I'm in exactly the same boat. Eventually I opened one if his phone bills which had his phone number (UK). I rang him and tried to explain the situation which quickly turned surreal.
He argued that I was lying about getting his phone number from his phone bills because he doesn't get his phone bill emailed out to him. I said yes, that is correct. Your phone bill is emailed to me. Eventually I got frustrated with him and told him I was trying do him a favour and he accused me of hacking his email account.
Then over the next few hours he called me back multiple times to tell me he had called the police, how much trouble I was in, and to tell me to stop calling him and harassing him or he would press charges. I pointed out he was the one that kept calling me, and somehow that registered and he never called back.
He did fix his phone account so I don't get those, but I get plenty of other email for him.
I got a free peacock account this way. They just recently disabled their credit card, but I was able to watch the world cup for free and that's all that matters
I don’t quite know why, but my combination of first and last name on gmail is such that I get email directed at other people with the same name as me, including financial documents. Wild stuff. I would reply with “um you probably should check before sending” but after a while I just started ignoring it.
My gmail address is lastname@gmail.com. Not a particularly common last name, and I thought it lucky when I got that address early on. I've since come to view it as mostly a curse.
I get email invoice every time Orkin goes out to spray a house in North Carolina. No option to say "this isn't me", and I've given up calling to tell them after multiple cycles.
The elderly German couple that would email their train itinerary so that their cousin could pick them up at the station. I would politely reply that I am not their cousin, and consequently their cousin would not be at the station. And six months later we start again.
Someone in Canada with first initial + last name that results in my last name kept getting wired money, and I would get in email with instructions. Of course no "not me" option. I haven't seen one of those in a while, hopefully he figured it out.
And so many more stories of people with my last name or close to it happily sending me their email... But I've had the address for practically forever, and really don't want to let it go.
I got service emails for the same year, model, and color Honda Civic that I own from a dealer in the UK. I am in the US. That alone was spooky.
The car was owned by somebody who matched my first initial, last name email address. (Edwin, I believe…)
I tried to unsubscribe. I tried to contact customer service. Nothing worked.
Each email would come with a little video walk around of the car. Eventually I started responding saying that their paint looked better than my car, etc.
I don’t get them anymore. I presume the owner sold the car.
I've received Amazon gift cards, customs approval for a yacht arrival in Vanuatu, spreadsheets from Iraqi oilfields, children's book reports, pictures of dogs meant to be sent to veterinarians, etc etc.
Same situation, but on mine I got emails from some lady on the other side of the world that wanted to adopt a kid, then later she was scheduling some Botox applications, both cases I was half surprised that they didn't double check and half curious to see what comes next.
Same story here, bro. It was really interesting when my cousins wife emailed me (not thinking it was new) about my cousins infidelity. That one made me rethink the safety of email addresses
Given there's a couple peeps who can't figure out their email address, I do my best to click on 'not me' or just ignore the confirmations intended for other people. But if I get mail for others that should have been confirmed, I mark it spam, because it is. Sometimes that includes an unsubscribe, which sometimes works.
Hey just fyi: they’re not doing it for the purpose of locking people out. They’re doing a distributed account breakin. Doesn’t matter to the thief who’s money they steal, so just try “password” on everyone’s account until you get in.
Years ago I started a Netflix trial account while with the family at my mom's place. I intended it to be for her, and called it 'grandma <her name>'. I ended up paying for it (she never has, directly). But apart from when we're around she barely used it and got back to linear TV (though via internet). Meanwhile, my wife and kids love it and it is among our streaming portfolio (for lack of a better term). So basically it is a Netflix account on someone else's name, though a family member. She kept getting these emails that someone logged in to her account, and every time I answered to her 'yeah that was one of us'. Eventually I changed the email address of the account to my own, and now I keep getting called 'grandma <her name>'. And you know when she watches Netflix? When we're around (well, my kids do then). Now the other day my wife got some kind of confirmation error that this was our account, and ever since the writing's been on the wall that we'll get into trouble on this. Btw, we can only pay for it via gift cards or manual bank transfer. The automated system does not work, and every time it gets our card denied. Honestly, it is an abysmal customer service (my wife tried to sort it out on various occasions w/them; still broken).
Netflix added a way to export your profile's watch history etc to a separate account...
(this is the only reason I could think of why you wouldn't just make a new Netflix acct. lol)
I kind of enjoy these stories since I'm in the inverse situation. I have a firstlast@gmail.com address with my real name, which is pretty unique. I feel a bit annoyed and paranoid sometimes that, since my name is unusual, a Google search will bring up a ton of personal information that I'd really rather be a bit harder to find. But at least I don't get a ton of emails meant for random strangers who put the wrong email somewhere!
I know periods don't count, supposedly, but I still get emails for someone with the same name as mine. My email is first.last, theirs is firstlast. I wonder how much of my stuff they get erroneously?
You are correct that the period doesn’t count. Both email addresses belong to the same account. A possible explanation is that they have entered your email as a mistake.
Instacart has some sort of similar issue, signed up under my email, changed the email address to my wife, support requests get sent to both of our addresses.
Another time I was talking to a credit union CTO who was dealing with someone blocking other people's account access by picking a random account number and making 3 bogus guesses to lock them out. At the time the credit union had a policy that required calling them to unblock... which was a PITA on weekends when people need money.