Amazon Hit from Within, Employees Leak Proprietary Data for Profit
Insider threats are nothing to joke about — they are a real danger to companies worldwide, who often neglect them. In fact, they rank among the top six threats of 2018, according to statistics. A company will spend at least $8 million yearly on insider threats, the Ponemon Institute has found.
No matter how much companies invest in infrastructure security or IT-teams with software updates, there will always be that one staff member to open a malicious document or click on a suspicious link. But what happens when employees are paid to leak data and company secrets on purpose? This was precisely the case with tech giant Amazon, now struggling to weed out fake product reviews, scams and counterfeit products, as a result of employee corruption in China, reports The Wall Street Journal.
Middle-management employees are apparently under investigation for taking financial incentives from intermediaries to not only disclose confidential information, metrics and customer emails, but also delete negative reviews and restore banned accounts. These schemes have affected the online store’s integrity, especially since most of the products sold are from third parties, and Amazon has extensively nurtured a review-based shopping experience.
In short, the scheme allegedly involved mainly Amazon employees in Shenzen, but also some located in the US who had access to customer reviews and personal information. They were contacted by brokers (also referred to as intermediaries) and received bribes ranging from $80 to even $2,000 or more, depending on the service provided.
For example, some sellers had to pay an employee $300 to delete a poor review, but because brokers usually offered a package of minimum five reviews, some merchandisers paid even $1,500. Sources claim some customers who wrote negative reviews were later contacted and promised various incentives to persuade them to change their minds. Amazon has now restricted employee access to a number of functions and everything they do is under scrutiny to ensure company policy is respected.
“We hold our employees to a high ethical standard and anyone in violation of our Code faces discipline, including termination and potential legal and criminal penalties,” reads a statement from Amazon. “We have zero tolerance for abuse of our systems and if we find bad actors who have engaged in this behavior, we will take swift action against them.”
Even though it clearly violates company policy, Amazon is struggling with its Chinese business operations because “its employees in China have relatively small salaries, which might embolden them to take risks,” writes The Wall Street Journal. To make the big bucks, some of Amazon’s detailed sales information, such as keywords and volumes data, was sold to sellers to incorporate them in advertisements and product content to boost their rank in search results.
According to a recent investigation by Reuters, selling bulk customer data is a very popular tactic in China because it involves major profits. The leaked data includes banking records, browsing history, mobile phone data and vehicle registration, usually acquired from employees.
*** This is a Security Bloggers Network syndicated blog from Business Insights In Virtualization and Cloud Security authored by Luana Pascu. Read the original post at: http://feedproxy.google.com/~r/BusinessInsightsInVirtualizationAndCloudSecurity/~3/drLyFcSISUY/amazon-hit-from-within-employees-leak-proprietary-data-for-profit