The exposure does not appear to be the result of a breach of Amazon's website or systems, and the amount of information exposed appears to be minimal, but the situation is still far from ideal. It's not clear if anyone accessed the exposed usernames and email addresses. If the information was scraped from Amazon by a malicious party, the leaked email addresses could be used to launch phishing attacks.
Amazon's disclosure of the breach is pretty unsatisfying. Even if the issue is relatively minor, as it seems to be, Amazon's email to affected users is very brief and short on details. It doesn't explain when the error occurred, how long information was exposed or if it was accessed by anyone. The company didn't even apologize for the problem.
While the error that caused the leak may be fixed, Amazon has run into some issues lately with keeping user information private. Last month, the company fired an employee who was sharing customer emails. Earlier this year, it was reported that third-party sellers have approached Amazon employees and offered them cash bribes in exchange for internal data and email addresses of top Amazon reviewers.