The Most Comprehensive Data Protection Solution

Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.

First and Only Solution to Converge:

  • Data Loss Prevention
  • Endpoint Detection and Response
  • User and Entity Behavior Analytics
DATAINSIDER

Digital Guardian's Blog

Amazon Investigating Employees Leaking, Selling Data

by Chris Brook on Tuesday September 18, 2018

Contact Us
Free Demo
Chat

Amazon confirmed this week that it's looking into claims that some of its employees have been taking bribes to leak and sell confidential data, like internal sales metrics and email addresses.

Amazon, the behemoth e-commerce company, is reportedly looking into whether its employees are stealing and selling internal data or other confidential information.

The Wall Street Journal broke the news, specifying that the data is purportedly being sold to give some vendors a leg up when it comes to selling products on the site, late Sunday.

According to the paper, some employees - in China especially - are offering data like internal sales metrics and reviewers' email addresses, along with a service that can delete negative reviews and restore banned accounts. While pronounced in the country, the scams aren't limited to China. Some employees in the U.S. are suspected of accepting bribes for data as well, the paper said.

The end goal, at least for vendors, is to game the system. According to the Wall Street Journal, the exchange of data has largely been facilitated by brokers between Amazon employees and sellers who either want negative reviews of their products or access to sales information. It costs between $80 and $2,000 depending what the seller wants. To delete a bad review costs $300, $80 can net a seller information on sales data, like how many times a user searched and clicked through to certain products, which sellers are angling for advertisements, and how much ads cost.

According to the WSJ, the findings are based on sellers who have been offered and purchased the data, brokers who provide it, and others involved in the investigation.

Amazon confirmed to the publication that it was looking into the incidents and that it would take action against bad actors.

“We hold our employees to a high ethical standard and anyone in violation of our Code faces discipline, including termination and potential legal and criminal penalties," a spokewoman for the company told the publication, "We have zero tolerance for abuse of our systems and if we find bad actors who have engaged in this behavior, we will take swift action against them."

The incidents highlight a growing problem that Amazon continues to grapple with. The company announced in August that it was working in tandem with the Federal Trade Commission to combat fraud by sellers on the service. The WSJ disclosed in July, this past summer, that Amazon employees were being paid for confidential seller-account stats, SEO tricks, and other sensitive information.

“Data security is a top priority, and we have strict policies and procedures in place to protect it,” Amazon told the paper in response to the allegations at the time. “We are conducting a thorough investigation of these claims.”

Insider threats don't necessarily have to be carried out by disgruntled employees with an axe to grind. In the U.S., a $2,000 bribe may not be enough to risk a job but in China, where the WSJ says Amazon employees make relatively little, the sum of money could tempt an employee to take a risk.

It's conventional wisdom that some employees take sensitive data when they leave a company but the dangers of employees selling confidential data while they still work for a company and have access to it, can't be underscored either.

Tags: Data Theft

RECOMMENDED RESOURCES


  • The seven trends that have made DLP hot again
  • How to determine the right approach for your organization
  • Making the business case to executives
  • Find out why Digital Guardian has been named a “Leader” for 5 years in a row
  • Gartner’s yearly analysis of DLP vendors
  • DLP use cases and technology requirements

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.