The magazine described in a detailed report “wiredA shocking data leak in the customer data field of online mail order company Amazon. According to the report, employees have used a flawed system in recent years to see celebrity purchases, among other things.
So the data was so easy to access that even employees without proper rights were able to spy on commands. According to Wired, the entire purchase history was available to Amazon’s global customer service team. A former Amazon employee, who asked not to be named, told the magazine that he saw how his colleagues watched the shopping history of several stars such as Kanye West or actors from the “Avengers” movies.
Other Amazon employees reported that several of their colleagues searched for order history for their ex-partners or people from their immediate surroundings. Everyone really did, everyone did it,” said a former customer service manager. The detailed report is based on various interviews with former employees and on memos and internal documents from the years 2015 to 2018. The investigations provide an in-depth look into the online giant’s garbage structure, which has led to completely unauthorized access to sensitive data. Customer data.
The former Amazon Vice President for Information Security also spoke to Wired. When he started working at the company, the security systems were in a “horrible” state. The whole thing was “tied up with duct tape and gum,” said Gary Gagnon, who took the position in 2017.
According to Wired, in some cases, more than 3,300 small Amazon teams are working with sensitive customer data around the world. In 2018, the company’s data risk roots were analyzed internally. As stated in a security note, teams tend to capture the data they need, copy it and save it elsewhere. Result: “mostly undocumented distribution of copies of data sets”.
This rapid and frantic spread made it nearly impossible for the information security department to control Amazon data. The memo says, “The growing number of records copies combined with Amazon’s decentralized accountability and ownership model,” burdened the security department with an absurd task. In fact, the security team tried to map all of the Amazon data back in 2016 – and couldn’t do it.
“Over the years we’ve invested billions of dollars in building systems and processes to protect data and are constantly looking for ways to improve it,” Amazon spokeswoman Jane Bemisderfer told Wired. The fact that Amazon’s privacy and security issues were fully documented and comprehensively reviewed by management underscores our commitment to these issues and demonstrates the vigilance with which we identify, escalate, and respond to potential risks.”