Yeah, looks legit. All it asks you to do is go to Amazon and change your password, no links involved - would be a pretty complex phishing scam if it is one.
Not at all. The e-mail I got was to an old e-mail address, specifically one no longer associated with my Amazon account - however it was an old e-mail address I verified was contained in the Russian leak a week or so back.
The e-mail contains no links, and instead instructs you VERY specifically to go to Amazon.com, and click the "I forgot my password" link on the website. Note that it never asks you to log in and change your password, which is what an actual official Amazon.com e-mail would do.
Basically, this is a targeted e-mail to ALL users whose username/password was released on the Russian leak, in the hopes that users whose e-mail and passwords have been compromised would go to Amazon.com, click the "forgot password" link, and then the link itself would be intercepted by the attacker and they would reset your password and log in with the new one they create and purchase goods/etc.
Odds are very low they will get anyone with this, but it's still a pretty admirable attempt at some social engineering.
Pretty easy to validate this since the e-mail I got very specifically said my password was disabled and that I needed to hit the "I forgot my password" link, but instead I just went to Amazon.com and logged in with my actual username and password and it still worked fine. The e-mail address they e-mailed me on was also an old e-mail address, almost 7 years unused, and I updated the e-mail address on Amazon about 3 years ago.
It's a very interesting and complicated phish, but I doubt they will nail many people with it.