Was Amazon.com breached? Yes, but not by hackers…


November 29, 2018

There’s a rumor going around that some Amazon customers have been getting emails from the retail giant saying some of their information (the email account they created their account with) had been leaked due to a “technical error.”

The number of emails that were leaked hasn’t been released and no light has been shed on what exactly the technical error was either . Both CSO Online and ZDNet have covered the story. It’d be a pretty big deal considering Amazon’s size and this leaks proximity to both Black Friday and Cyber Monday, the two biggest shopping days of the year.

The problem here? The story going around doesn’t seem to be true what’s going on. It looks like the story stems from something that happened back in October. It doesn’t look like the breach wasn’t necessarily the result of a hack or the exploitation of a technical error but more likely a few Amazon employees that were bribed to share the information with a third-party.

The Wall Street Journal did a nice piece on what happened (that you can read here) and it seems like it might just be that its taken Amazon this long to figure out exactly what happened, what names/accounts were leaked and how to respond to it once they realized no one was actually at risk.

It doesn’t help the example email that’s been going around looks like a phishing attack. While odd it might just be bad form on Amazon’s part.

If anything this is a nice reminder that breach like this can happen to anybody and how important it is to give access to sensitive information only to those qualified/trustworthy enough to handle it.

Identity and Access Management-as-a-Service is very important. We’ve talked about it before here and here.

It’s not a fool proof solution, no security solution is. But it helps.

If you’re interested more in Identity and Access Management download our free Intelligence in Depth guide or send us a message.

Carl Keyser is the Content Manager at Integris.

Keep reading

Strong Cybersecurity Postures: How to Unleash their Power

Strong Cybersecurity Postures: How to Unleash their Power

In the vast digital landscape where virtual dragons and sneaky trolls roam a strong cybersecurity posture has never been more important. Imagine a band of modern-day knights led by our protagonist, Alex. Armed with a trusty laptop and a cup of coffee, Alex navigates...

How to Spot a Phishing Attack in 2023

How to Spot a Phishing Attack in 2023

In 2023 cyber threats lurk behind every tree trunk in today's digital jungle, and cybersecurity awareness is more critical than ever. Among the craftiest of these threats are phishing attacks. Phishing attacks are cunningly engineered with social manipulation at their...

How to Choose an IT Consultant in Boulder, CO

Regardless of industry size or type, Boulder IT consultants play a massive role in the way companies in the Boulder area do business. While most companies may have their own in-house IT department, many of these departments are small and cannot handle all the...