Fast company logo
|
advertisement

NEWS

Amazon’s customer data protection was far too weak, new story alleges

A former exec at Amazon told ‘Wired’ that protecting customer data was almost an afterthought.

Amazon’s customer data protection was far too weak, new story alleges

[Source Images: kasinv/iStock]

BY Clint Rainey1 minute read

A former Amazon executive says the company doesn’t take customer data protection seriously enough. “It was put together by tape and bubblegum,” ex-chief information security officer Gary Gagnon says in a new report published today by Wired and the Center for Investigative Reporting’s Reveal. Their investigation documents show Amazon’s mission to track and analyze every move we make as consumers—”What you search for, what you buy, what shows you watch, what pills you take, what you say to Alexa, and who’s at your front door”—has backfired into a sort of Achilles’ heel for data security.

Gagnon says when he started in 2017, customer data protection was almost an afterthought. “It was shocking to me,” he tells Wired and Reveal. New consumer product launches were shrouded in “utmost secrecy,” yet employees were given astounding amounts of access to practically everything else, including customer information—with no checks in place to prevent abuse. In addition, the data breaches were “breathtaking.” (According to Wired, for 2 years, 24 million customers’ names and credit-card numbers sat outside Amazon’s secure payment zone. Amazon spokesperson Jen Bemisderfer told Fast Company, “There is no evidence to suggest the data was ever exposed outside of our internal system or misused in anyway.”)

Gagnon also notes that his team numbered about 300 when he was hired, but should have been “more like 1,000.” When he asked for more resources, global consumer business CEO Jeff Wilke would usually turn down the request. Gagnon came to believe InfoSec was seen as dead weight: Amazon Web Services’ separate security team had the ability to generate revenue through cloud data-protection products, but the consumer team was seen as draining money from the cool projects that “made Amazon faster, more profitable, and more pleasurable.” The publications report Gagnon warned that Amazon was expanding too fast, and that the casualty was going to be data security.

A spokesperson for Amazon issued the following statement when Fast Company reached out for a comment: “The claims made in the ‘Wired’ story are based on information that is outdated and out-of-context and have absolutely no bearing on Amazon’s current security posture.”

advertisement
CoDesign Newsletter logo
The latest innovations in design brought to you every weekday.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Privacy Policy

ABOUT THE AUTHOR

Clint Rainey is a Fast Company contributor based in New York who reports on business, often food brands. He has covered the anti-ESG movement, rumors of a Big Meat psyop against plant-based proteins, Chick-fil-A's quest to walk the narrow path to growth, as well as Starbucks's pivot from a progressive brandinto one that's far more Chinese. Previously, he worked for New York Magazine, where he was part of teams that won National Magazine and James Beard awards More


Explore Topics