Amazon has recently terminated employees responsible for leaking customer data, including their email addresses, to an unaffiliated third-party in violation of company policies.
The company has sent out an email announcement to affected customers following the incident.
Affected Amazon customers confused
Over the weekend, reports emerged on Twitter of multiple Amazon customers perplexed by the email alerts being sent out by the company describing the data leak.
The key concern was if this was an isolated incident targeting the particular customer who had received the email or had other customers been affected too.
"Did anyone else get a weird email from Amazon about this data breach or was I just targeted solo?" tweeted entrepreneur Zain Jaffer.
Another user, Routinely Rateled questioned Amazon's Help account out of concern.
Their tweet implies customers around the world may have been victims of the data leak:
"So, what I'm trying to find out is: Is it just my email address that's been disclosed? Has Amazon had a more general data breach - and have you notified relevant UK authorities? Why is the Canadian branch notifying a UK account holder?"
Whereas, Twitter user Lily expressed their frustration over the incident alleging Amazon of selling user data.
In the email notification sent out by Amazon and observed by BleepingComputer, the company's response is rather brief with regards to the incident:
"We are writing to let you know that your e-mail address was disclosed by an Amazon employee to a third-party in violation of our policies. As a result, we have fired the employee, referred them to law enforcement, and are supporting law enforcement’s criminal prosecution."
"No other information related to your account was shared. This is not a result of anything you have done and there is no need for you to take any action. We apologize for this incident."
Although the email notification pins blame for the incident on "an Amazon employee," a company statement shared by Motherboard implies multiple insiders could be to blame:
"The individuals responsible for this incident have been fired. We have referred the bad actors to law enforcement and are supporting their criminal prosecution," said an Amazon spokesperson.
The company did not answer how many customers were impacted.
Insider threats, not all of which may be malicious, continue to pose a risk to tech organizations.
Just last month, as reported by BleepingComputer, Shopify had suffered from a data breach impacting 200 merchants, because of some company team members going "rogue."
August this year, a Russian national tried to recruit a Tesla subsidiary employee in an extortion effort, "to convince him to deploy an unknown malware strain on the company’s computer network."
Comments
C0bra - 3 years ago
Oof. Not a good look.