Former Amazon security officer testified that 'general employees had free access to customers' personal information.'



Amazon has a huge database of user purchases, searches, and conversations with Alexa. It is reported that, for some time, this database was left in a state where ordinary employees could easily access users' personal information, and that Amazon overlooked a major security risk.

Ex Amazon exec says customer data protection was a mess

https://www.fastcompany.com/90699295/amazon-allowed-major-breaches-in-customer-data-protection-alleges-ex-chief-of-infosec



Amazon reportedly gave employees access to practically all customer data - Protocol
https://www.protocol.com/bulletins/amazon-data-investigation


Wired, an IT-related media outlet, obtained an internal document and reported that 'customer information was so sloppily managed that any employee could access it.' According to Wired, about 24 million credit card numbers and names were stored in an 'unsafe place' in Amazon's system for about two years until 2017, when former Amazon chief information security officer Gary Ganyon took up the position, and there was no way to confirm whether the data had been accessed illegally.

According to Ganyon, Amazon's internal security system was poor, leaving regular employees able to look into customer purchase data or take bribes from buyers who wanted to thwart competitors and tamper with reviews. At that time, Amazon had no system to prevent employee security risks, and Ganyon said it was in a 'free for all' state.

Ganyon also testified that Amazon's security system sometimes overlooked external threats. According to a survey, Amazon's seller rating program allows third-party developers to collect customer data, and those developers included some Chinese data companies that have collected information from millions of users.



After that, the security team led by Mr. Ganyon evaluated all the security problems in Amazon on a five-point scale and dealt with them. However, although Mr. Ganyon's team was originally planned to have nearly 1000 people, it actually had about 300. When Mr. Ganyon requested more personnel, another department refused the request. 'The information security team seemed to be seen as a burden to Amazon,' said Ganyon, recalling that dealing with the problems was like a game of whac-a-mole as they surfaced one after another.

'Amazon has an extraordinary track record in protecting customer data,' Amazon spokeswoman Jen Bemisdelfer told Wired, saying that Ganyon's track record is 'exceptional.' 'Amazon's privacy and security issues are documented to highlight Amazon's security efforts and to draw attention to identify and address potential risks,' said Bemisdelfer.

in Web Service, Security, Posted by log1i_yk