Well, that wasn't quite what it said. And it wasn't me, it was ladysolly.
The email came from amazon.com, where she has an account, and it was telling her that someone had attempted to log in using her email address, so they've changed her password to a temporary password and offer her a link so that she can sign in and change it to a new password.
That's their first mistake; ladysolly is clued up enough to know that she shouldn't click on a link in an email. My email system tells me where an email goes to, as well as where it claims to go to. If that's different, then it's probably a scam. Her email system (iPad) doesn't do that.
So we went to amazon.com, not using their link, and tried to log on. Sure enough, her password didn't work, so the original email was telling the truth (but that doesn't mean it actually came from amazon, of course).
So we changed her password (it checked that she was who she said she was by sending her an email to the email address they have for her) and everything is OK now. But ladysolly was worried - could they have gotten her credit card number?
I don't think so - from the amazon email, it was a password-guessing attempt, which failed.
Later, I checked out the email, and the links really did go to amazon.com, so the whole thing was probably bona fide.
I told her that this could well happen again; her email address is publicly known (most email addresses are) and the hackers could try again. Her email address is only one of many on their long list, and that list circulates amongst the criminal fraternity. Tough luck to anyone whose password is "password" or "123456".