The American magazine “Wired” has had access to documents showing that coordinates or the consumer purchasing history have been insufficiently protected by the online business.
Le Monde
Too many Amazon employees had access to personal personal information: that’s what a Very dense Wired American magazine survey , which could consult internal memos of the company written for its main leaders.
The fact that all employees working for the consumer service of the online business has access to the detailed profile of customers is at the origin of several abuses, note Wired, which cites examples of consultant employees The history of orders for celebrities or spouses, thus violating the rules of the company. Amazon “rejects with force the idea that these abuses are common,” says the company in a statement. A document dating from 2015, however, identifies this very broad access to the company’s database as a problem.
Similarly, the management of the company had been informed, as of 2010, that too many employees had access to a very powerful tool that allowed them to connect as a seller to proceed with repayments or Consult order history. In 2015, a new memo estimated that 23,000 employees had unduly access to this tool. The situation is due, according to Wired, by the priority given within Amazon to the effectiveness of the customer service; Direct access to these tools “allows them to work quickly (…), but it exhibits our customers at a risk of fraud or infringement of privacy from our employees or subcontractors”, notes a memo recent cited by the American magazine.
Access to data by third parties
Wired’s investigation also reveals that Amazon has not always taken the necessary precautions to protect the personal data of its third-party businesses, including marketing companies that offer their services to sellers registered on its platform. AMZREVIEW, a subsidiary of a Chinese company called TouchData, has thus been able to collect, with impunity, personal data of several million Amazon customers for several years, through an insufficiently monitored data access procedure. . The company then combined this information with the contents of databases of pirated e-mail addresses, to sell to its customers those of users who have left negative criticism on their page. AMZREVIEW access has since been cut, and the company closed.
But the problem was not limited to a company, according to the notes consulted by Wired. When the Amazon security team analyzed the practices of a series of third-party developers, it concluded that half of them did not respect the conditions of use of the platform.
More broadly, the company’s internal documents then asserted that Amazon “sharing [AIT] too” information, and should restrict access to data for its sellers and partners. Especially since the company had, in most cases, “no way of knowing” if third-party companies collect data for legitimate reasons.
Since then, the Web giant has limited the data it shares, introduced more controls, and asked the main third-party companies with which it works to erase data histors in their possession. “It was not a data leak, affirms a spokesman for Amazon quoted by Wired. We have strict policies and clauses in our contracts that prohibit the misuse of our users’ data, and we monitor permanently Our systems to detect violations. “