Amazon staff said to be taking bribes to leak data

WSJ describes an insider threat within Amazon.com.

Amazon staff said to be taking bribes to leak data

The Wall Street Journal reports that Amazon employees have been bribed to leak corporate data - such as sales metrics and the personal details of reviewers - to sellers:

In exchange for payments ranging from roughly $80 to more than $2,000, brokers for Amazon employees in Shenzhen are offering internal sales metrics and reviewers’ email addresses, as well as a service to delete negative reviews and restore banned Amazon accounts, the people said.

Amazon is investigating a number of cases involving employees, including some in the U.S., suspected of accepting these bribes, according to people familiar with the matter

According to the WSJ, Amazon has confirmed that it is investigating the claims - and any staff found behaving inappropriately could face termination and potential legal action.

This story is a good reminder for all of us that not all data leaks occur because a hacker has managed to find a way to breach your network security.

Often the biggest problem is not the threat of external hackers, but rather internal staff to whom you have granted access to sensitive data and who might be tempted to exploit it for financial gain.

For more discussion on this issue, make sure to listen to this episode of the “Smashing Security” podcast:

Smashing Security #96: ‘Bribing Amazon staff, and blinking deepfakes’

Listen on Apple Podcasts | Google Podcasts | RSS for you nerds.

Tags: , , ,

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, , ,

3 Responses

  1. Cody Austin

    September 17, 2018 at 10:03 pm #

    Is your story credible or gossip for attention? I saw a news story related to the leak of amazons security info. I called Amazon to find out if my account was involved and was switched to a USA supervisor upon my decision not to talk to an offshore rep located god knows where? They referred me to there P-R dept at amazon-prc@amazon.com no direct phone calls only emails excepted. How do I get this issue in more detail?

    • Graham Cluley in reply to Cody Austin.

      September 17, 2018 at 10:20 pm #

      None of the media reports I have read about this (including the original report in the Wall Street Journal - which I link to in the above article) have made any mention of customer accounts being at risk.

      If you represent a company that sells goods via Amazon and you’re concerned that you might have a seller’s account that has, for instance, had its sales metrics snaffled by a competitor then I suggest you contact your Amazon account manager.

  2. taylor1277

    September 18, 2018 at 1:04 am #

    Most companies today suffer more problems with any aspect of IT from the security team to developers. Le look at Google, have you ever seen more Oompa-Loompas within a company destroy its own program, look no further than Google

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.