All Amazon Data Breaches - The Mechanics and Takeaways

While every major company is bound to become the target of malicious online activity at some point, Amazon has experienced more than its fair share of data breach incidents over the years. The e-commerce powerhouse has been vulnerable to cyber-attacks by state-backed hackers and individual criminals alike. Their motives have ranged from financial gain to stealing customer information and intellectual property. This article provides a high-level overview of some of the most notable and impactful incidents to take place since 2012.

 

 

January 2012: Zappos Breach

The first significant incident on Amazon's data breach timeline dates all the way back to January 2012. It was then that the company's subsidiary Zappos.com announced its internal systems had been compromised by attackers, exposing the account information of as many as 24 million customers. While credit card information was reportedly not exposed, the breach evoked widespread panic among customers, who were suddenly at risk of identity theft and other forms of fraud.

 

December 2014: Anonymous Breach

Hacktivist organization Anonymous is known for its many high-profile operations and attacks. Over the years, Anonymous has taken on governments, corporations, and anyone they feel is violating human rights or civil liberties. Amazon found itself in the crosshairs of Anonymous in 2014 when individuals claiming association with the group leaked more than 13,000 combinations of its clients' usernames and passwords, along with complete credit card numbers.

Amazon wasn't alone in this crisis; other major websites and digital platforms, including Xbox Live and PlayStation Network, were also targeted. It's estimated that the hacking campaign affected roughly 150 million users worldwide after all was said and done.

 

2014: Allegations of Staff Spying

Corporations as big as Amazon are bound to hire a few bad apples every now and then. But even so, are individual employees always to blame when malpractice occurs? That question hangs over a lengthy incident that likely went on for months during 2015. WIRED magazine released a damning report based on information its journalists found in six pages of Amazon's internal documents. Apparently, staff had been actively going through high-profile individuals' search and order histories to snoop. Countless big names, from rapper Kanye West to multiple stars of the Marvel Avengers movie franchise, had their privacy violated. Several ex-workers later stepped forward to confirm they'd indeed seen it happen, and that 'everybody did it'.

 

July 2016: Claim of Breach

In July 2016, a Twitter user by the name #0x2Taylor took to the platform, claiming they had successfully breached Amazon's main servers and would expose the sensitive account data of more than 80,000 Kindle customers if the company did not pay up. Although the requested amount - only $700 - would be nothing to Amazon, it ultimately decided not to react. The anonymous hacker followed through by posting the 'stolen' information; however, it turned out the data was unlikely to be legitimate.

 

2017: Ring Camera Spying

Although it might not fall into the category of more common instances of cybercrime, we'd be remiss not to mention an incident that shocked the world - and particularly Ring video customers - in 2017. An employee at the Amazon subsidiary was found to have spied on customers using their own devices. This went on for months until the abuse of power was eventually discovered and the staff member was terminated. There were big implications for Amazon, which was forced to pay a $5.8 million settlement to the Federal Trade Commission alongside additional multi-million dollar penalties in Spring 2023.

 

September 2018: Employees Sell Data

It's worth acknowledging that not all instances of cybercrime start on the outside. In fact, it's often inside jobs that end up having the most damaging effects on target companies. Take September 2018, for example, when it was discovered that Amazon employees had been using the company's internal systems to access customer data without permission, and in some cases selling it to foreign actors and vendors for payouts ranging between $80 and $2000. The company conducted an internal investigation and wound up taking disciplinary action against select staff members after its internal malpractice was leaked in a story by The Wall Street Journal.

 

July 2021: GDPR Fine

In July of 2021, European regulators slammed Amazon with a record $886.6 million penalty for violating the EU's General Data Protection Regulation (GDPR) data processing rules. The Luxembourg National Commission for Data Protection (CNPD) claimed the multinational corporation had mishandled EU citizens' personal information and failed to properly secure their data. While that doesn't technically constitute a breach, lawmakers argued it could have easily become one.

 

The takeaway from all of this? Online data is almost never 100 percent secure. If the biggest and wealthiest company in the world can fail to protect its servers several times over, everyday enterprises don't stand a chance. Not alone, at least.

 

iDox.ai's data security solutions equip small, medium, and large organizations alike to stop liabilities in their tracks. Easily search your sensitive unstructured data, redact, and eliminate any potential data leakage points with our state-of-the-art solutions. Contact us today to learn more.

 
