Amazon revealed a breach of customer data last week, but it wasn’t a data breach of the usual variety. Rather than falling prey to a cyberattack or having hackers exploit unsecured code, customer email addresses were leaked by an employee to an online reseller in exchange for money.
What you need to know: 1.) A crime was committed, and 2.) It still counts as a data compromise.
While this is Amazon’s first public dismissal of an employee for the theft of customer data, it’s unlikely to be an isolated incident. The e-commerce giant has been investigating suspected leaks from its databases since mid-September amid allegations that resellers were paying to get an advantage over competitors.
The Wall Street Journal reported incidents of employees accepting bribes to share sales data (including customer email addresses), remove negative reviews, as well as green-lighting banned seller accounts, particularly in China.
The value of customer email addresses to resellers is considerable. Resellers don’t typically have access to customer contact information. Getting access allows them to contact customers who have left negative reviews, and ask them to change them or remove them entirely in exchange for discounts on future purchases.
Customer reviews are thought to be a key data point in Amazon’s search algorithms; online feedback from customers a factor in how prominently a seller’s products appear in searches. Competition for high-ranking results is a matter of survival for resellers since the top three results in searches account for 64% of sales, and 70% of Amazon customers don’t bother scrolling past the first page of results. As the number of resellers increases, so too does the motivation to game the site’s algorithm.
Algorithms used by online services such as Amazon have become increasingly sophisticated in their ability to accumulate and predict user behavior. While most of the process of serving search results to the consumer is machine-made, user feedback and the administration of it are processes that require a human touch, and as such present a potential Achilles heel to the way promotions work on the site.
Read more about the story here.