It should come as no surprise that Amazon, the largest e-commerce company in the world outside of China, is overflowing with customer and merchant data. What is surprising, however, is that Amazon’s well of data has been leaking. Reveal from the Center for Investigative Reporting and Wired reviewed critical Amazon documents that highlighted the company’s fundamental failure to protect the information of consumers and merchants on the platform.
Wired released an in-depth investigation, which highlights a slew of disturbing transgressions. According to the report, employees of all levels reportedly had access to a lot of private customer and merchant information. This led to cases of peering, bribery by external actors looking to peer into rival merchant accounts to knock off products, in addition to a slew of other breaches.
What Security Issues Are Happening?
A previous service rep that spoke to Wired, “said he remembered colleagues looking up the purchases of Kanye West and movie stars from the Avengers films, even scoping out a few dildos in a particular celebrity’s purchase log. Other staffers recalled coworkers looking up exes and girlfriends or boyfriends. ‘Everybody, everybody did it,’ a former customer service manager says. They weren’t supposed to, of course.”
In a separate issue, Toronto’s Mohamed Multhazim Akbar Ali developed a brand named Krasr, which he created after targeting and ripping off products made by skin care seller Pure Daily Care. According to the report, Ali found Amazon employees to bribe for the skin care seller’s data through LinkedIn and Facebook and paid them $160,000 total over several years.
Although Amazon fired seven Amazon employees involved in the scheme, former Amazon CEO Jeff Bezos insisted during an antitrust hearing in 2020 that employees don’t access that data. He also said he couldn’t guarantee that the policy prohibiting employees from doing so wasn’t violated.
Where Is the Data Security Team?
Even though Amazon seems to make efforts to address issues and catch bad actors after the fact, the real issue lies in finding and fixing the systemic issues that led to the transgressions in the first place.
The biggest security gaps tend to be human, not technical, and that seems to be the case at Amazon too. The investigation highlighted the department in charge of securing customer data at Amazon as “overwhelmed, understaffed and demoralized,” in part due to the many changes in leadership and the sheer size and state of data it was tasked with protecting.
How Amazon intends to fix these issues at the moment, remains to be seen.