Wednesday, September 26, 2018

"Amazon staff said to be taking bribes to leak data" (AMZN)

Via Graham Cluley, September 17:

WSJ describes an insider threat within Amazon.com.
The Wall Street Journal reports that Amazon employees have been bribed to leak corporate data - such as sales metrics and the personal details of reviewers - to sellers:
In exchange for payments ranging from roughly $80 to more than $2,000, brokers for Amazon employees in Shenzhen are offering internal sales metrics and reviewers’ email addresses, as well as a service to delete negative reviews and restore banned Amazon accounts, the people said.
Amazon is investigating a number of cases involving employees, including some in the U.S., suspected of accepting these bribes, according to people familiar with the matter
According to the WSJ, Amazon has confirmed that it is investigating the claims - and any staff found behaving inappropriately could face termination and potential legal action.
This story is a good reminder for all of us that not all data leaks occur because a hacker has managed to find a way to breach your network security.

Often the biggest problem is not the threat of external hackers, but rather internal staff to whom you have granted access to sensitive data and who might be tempted to exploit it for financial gain.

See also his podcast:

Smashing Security #096: Bribing Amazon staff, and blinking deepfakes
Industry veterans, chatting about computer security and online privacy.