In a detailed report, the magazine “Wired” describes a shocking data leak in the area of customer data at the online mail order company Amazon. According to the report, employees have used a flawed system in recent years to, among other things, view the purchases of celebrities.
The data were therefore so easily accessible that even employees without the appropriate rights could to spy on the orders. According to “Wired”, the entire purchase history was available to Amazon’s global customer service team. A former Amazon service employee, who wants to remain anonymous, told the magazine that he had seen his colleagues view the shopping history of various stars such as Kanye West or actors from the “Avengers” films.
A deep insight into the ailing data architecture of Amazon
Other Amazon employees reported that many of their colleagues were looking for the order history of their ex-partners or people in their immediate vicinity would have. “Everyone, really everyone did it,” said a former customer service manager. The detailed report is based on various interviews with former employees and on memos and internal documents from the years 2015 to 2018. The investigations provide a deep insight into the negligent data architecture of the online giant, which resulted in completely unauthorized access to sensitive data Customer data had.
The former vice president of the Amazon team for information security also spoke to “Wired”. When he started at the company, the security systems were in a “shocking” state. Everything was like “held together with tape and chewing gum,” said Gary Gagnon, who held the post in 2017.
Amazon was no longer able to get a grip on the data
According to “Wired”, sometimes more than 3,300 small Amazon teams work with sensitive customer data worldwide. In 2018, the roots of the company’s data risks were analyzed internally. As stated in a security memo, the teams tended to capture the data they needed, copy it, and save it elsewhere. The result: a “mostly undocumented distribution of copies of the data sets”.
This rapid and frenzied distribution made it almost impossible for the information security department in some cases impossible to get a grip on Amazon’s data. “The increasing number of copies of records combined with Amazon’s decentralized accountability and ownership model,” says the memo, burdened the security department with a Sisyphean task. In fact, the security team tried to map all of Amazon’s data back in 2016 – and was not able to do so.
Amazon spokeswoman underlines the company’s commitment
Amazon spokeswoman Jen Bemisderfer emphasized to “Wired”: “Over the years we have invested billions of dollars in building systems and processes to protect data and are constantly looking for them Opportunities for improvement. ”And she continues:“ The fact that Amazon’s privacy and security issues are comprehensively documented and have been extensively reviewed by management, underscores our commitment to these issues and shows the vigilance with which we identify, escalate and respond to potential risks. “