Wired: Amazon Lost Control of Customers’ Data, Employees Had ‘Free-For-All’ Access

Amazon CEO Andy Jassy
Isaac Brekken/AP

In a recent article, Wired magazine outlines how Amazon has lost control of its vast collection of user data and failed to protect its customers’ personal information from “internal threat actors,” among others.

Wired magazine reports in an article titled “Amazon’s Dark Secret — It Has Failed to Protect Your Data,” that e-commerce giant Amazon has failed to adequately track and store its vast collection of user data, leaving its customers vulnerable to attack.

Mural of Amazon founder Jeff Bezos.

Mural of Amazon founder Jeff Bezos. (Thierry Ehrmann/Flickr)

Wired writes:

In the name of speedy customer service, unbridled growth, and rapid-fire “invention on behalf of customers”—in the name of delighting you—Amazon had given broad swathes of its global workforce extraordinary latitude to tap into customer data at will. It was, as former Amazon chief information security officer Gary Gagnon calls it, a “free-for-all” of internal access to customer information. And as information security leaders warned, that free-for-all left the company wide open to “internal threat actors” while simultaneously making it inordinately difficult to track where all of Amazon’s data was flowing.

Andrew DeVore, a former prosecutor and Amazon representative, testified before Congress about the company’s dedication to its customers and their data safety. But Wired notes that while DeVore was testifying about Amazon’s commitment to customer safety, major data breaches were taking place:

By the time DeVore started testifying about Amazon’s long-standing commitment to privacy and security, the dangers that the security division had identified weren’t just theoretical. According to Reveal and WIRED’s findings, they were real, and they were pervasive. Across Amazon, some low-level employees were using their data privileges to snoop on the purchases of celebrities, while others were taking bribes to help shady sellers sabotage competitors’ businesses, doctor Amazon’s review system, and sell knock-off products to unsuspecting customers. Millions of credit card numbers had sat in the wrong place on Amazon’s internal network for years, with the security team unable to establish definitively whether they’d been unduly accessed. And a program that allowed sellers to extract their own metrics had become a backdoor for third-party developers to amass Amazon customer data. In fact, not long before September’s hearing, Amazon had discovered that a Chinese data firm had been harvesting millions of customers’ information in a scheme reminiscent of Cambridge Analytica.

Amazon had thieves in its house and sensitive data streaming out beyond its walls. But DeVore—who had himself received a report that year warning that far too many Amazonians had access to insecurely stored passwords, and who had aggressively shot down a company lawyer for questioning Amazon’s reputation on customer privacy—didn’t reveal any of that to the senators.

Read more at Wired magazine here.

Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address lucasnolan@protonmail.com

COMMENTS

Please let us know if you're having issues with commenting.