[BreachExchange] Amazon Fires Employee Who Leaked Customer Names, Emails

[Destry Winant]

https://threatpost.com/amazon-fires-employee-customer-data/160610/

Amazon notified customers and law enforcement of the insider-threat
incident this week.

Amazon has fired an employee who shared customers’ names and email
addresses with a third party.

An Amazon spokesperson told Threatpost that it has systems in place to
limit and control access to information, and processes in place for
identifying and investigating suspicious behavior. These systems
notified Amazon of “suspicious behavior.” After the company
investigated the incident, it fired the employee, referred them to law
enforcement and is working with law enforcement in their criminal
prosecution.

“No other information related to your account was shared,” according
to the note, shared on Twitter by several Amazon customers. “This is
not a result of anything you have done and there is no need for you to
take any action. We apologize for this incident.”

Amazon did not comment on an inquiry from Threatpost asking how many
customers were impacted, and what the role of the Amazon employee was.



“It is critical for businesses to recognize that threats from
legitimate users have always been more elusive and harder to detect or
prevent than traditional external threats,” said Orion Cassetto,
director of product marketing at Exabeam, in an emailed statement.
“Though the extent of the leak is currently unknown, a number of
Amazon customers have been notified that their email addresses have
been passed on to a third-party by an employee, which has resulted in
their termination. Organizations must be armed with the tools to
prevent threats from within their walls from launching attacks.”

Researchers for their part say that a combination of training,
organizational alignment and technology can help companies prevent
insider threats. Behavioral analytics tools are one type preventative
technology that tracks, collects and analyzes user data to detect
threats, said Cassetto.

“This is typically done by collecting data over a period of time to
understand what normal user behavior looks like, then flagging
behavior that does not fit that pattern,” said Cassetto. “It can often
spot unusual online behaviors – credential abuse, unusual access
patterns, large data uploads – that are telltale signs of insider
threats. More importantly, it can often spot these unusual behaviors
among compromised insiders long before criminals have gained access to
critical systems.”

Insider threats continue to plague tech companies. Last year, Trend
Micro said that a rogue employee sold the data of 68,000 customers to
a malicious third party, who then used that data to target customers
with scam calls. In May 2019, a report outlined how Snap employees
were abusing their access to private user data – which includes
location data, saved Snaps and phone numbers. And a report in 2018
found that Facebook had fired an employee who allegedly abused access
privileges to data to stalk women.