New report reveals Amazon’s failure to protect data – WWD

AmazonThe retail empire’s vast retail empire sputters with data – and apparently the dam breaks quite easily, according to a report that broke on Thursday.

Disclosure from Investigative Reporting Center and reviewed tech outlet Wired Amazon The document points to a serious failure to protect the information of consumers and merchants on the platform. Ratings and profilers reportedly gained access to a deep source of account information, leading to instances of tracking, as well as bribery by external bad actors seeking to infiltrate accounts. seller and steal the product.

In one such case, a party known as Krasr — identified by CNBC as Mohamed Multhazim Akbar Ali in Toronto in 2017 — targeted the seller of the Pure Daily Care skincare product. One memo noted that Krasr had sourced contacts using LinkedIn and Facebook and paid them a total of $160,000 over the years. Amazon arrested and fired seven employees involved in the scheme.

Responding to WWD’s request for comment, Amazon spokeswoman Jen Bemisderfer explained that the company “referred Krasr to law enforcement in 2018 as we will whenever we determine there is fraudulent activity affecting its customers. As soon as we became aware of this malicious activity, we deleted the associated merchant accounts and we will continue with enforcement and delete the merchant accounts linked to Mohammed Multhazeem Akbar Ali, if any of these accounts appear in the future. ”

Whether Amazon responds appropriately may not be the issue, since catching people behind is practically one thing. Identifying the systemic problems that led to the breach in the first place is another matter.

The breach report describes the department responsible for securing customer data in its retail business as overburdened, understaffed and demoralized, in part due to frequent shifts in leadership and the broad nature of the information this department is tasked with protecting.

Meanwhile, Amazon, pursuing its mission of “becoming the most customer-centric company on Earth,” has allowed workers to spend a lot of time accessing customer data. Flexibility means lower-level employees can spy on celebrities’ buying habits, take bribes from unscrupulous sellers for data on rival sellers, gauge the market strict and more, the report said. Millions of credit card accounts appear to be vulnerable, and the security team can’t tell if they’ve been accessed illegally. Apparently a Chinese data company has been collecting information from millions of customers.

Amazon seems to believe that there is no point in digging up old fodder. According to Bemisderfer, “statements made in Wired’s story are based on information that is out of date and out of context and completely unrelated to Amazon’s current security situation.” She points out that the company invests billions of dollars in data protection and that it is in a state of constant, ongoing work to strengthen its systems.

That includes encouraging people to present issues quickly, she said, which can lead to exaggeration or misjudgment of risk. That’s good, she believes, as it allows problems to be identified and resolved as quickly as possible.

But The biggest security holes tend to be human, not technical. For now, how Amazon is approaching that aspect remains to be seen.

Bemisderfer notes that, with Amazon’s privacy and security issues being widely recognized and reviewed, caution should be exercised in identifying, reporting, and responding to potential risks. “An objective assessment of the facts would lead to the same conclusion,” she added. “Unfortunately, that’s not Wired’s approach to the story and is instead a narrative set to paint Amazon and our approach to security in a negative light.”