Month: November 2018

Alleged Amazon Data Breach Days Before Black Friday

Reports about an Amazon data breach are spreading fast and furiously, although the online retailer denies that what happened was actually a breach. At least one expert is siding with Amazon on this, but to the average consumer, it may seem like splitting hairs.

Black Friday is only days away, so many shoppers are making decisions about where to spend their hard-earned cash. This could be one reason the company is being so secretive about this alleged data breach.

Amazon data breach reports stem from emails

Amazon emailed a number of shoppers on Tuesday to report that its website had “inadvertently disclosed” their name and email address “due to a technical error.” The online retailer also said it has fixed the issue, so users don’t have to do anything else.

Social media users were quick to start posting about the email and expressing concern about this potential Amazon data breach. Some even questioned whether the email they had received was genuine, pointing out details about the email which made it look like a phishing message. However, the online retailer has confirmed to multiple media outlets and news blogs that the email was real. However, beyond those generic statements, Amazon is remaining tight-lipped.

News outlets and tech blogs have been trying to get more details from the company about the data leak, but spokespeople are refusing to say anything more about it. They won’t say how many customers were infected, what caused
the leak, or how long it took them to realize there was a problem.

Amazon data breach may not have been a breach at all

Amazon’s U.K. office denies that there was a breach, in the technical sense of the word, and the founder of a web security company agrees, although he admits that more details are needed. High-Tech Bridge CEO and founder Ilia Kolochenko advised against drawing “premature conclusions” about the alleged Amazon data breach until more technical information is available, but he also urged the company to stop being so tight-lipped about the issue.

“Based on the information currently available, it is technically incorrect to call this incident a ‘data breach,’ he said in a statement. “This rather looks like an inadvertent programming error that made some details of Amazon’s profiles publicly available to random people… Amazon’s reaction seems to be quite prompt, however an official statement would certainly be helpful to prevent any speculation and unnecessary exaggeration of the incident and its scope.”

For those who like splitting hairs, the incident may be considered more of a data leak than a data breach, in that Amazon appears to have accidentally exposed users names and email addresses. A breach, on the other hand, involves someone hacking into a database or network and gaining unauthorized access.

Nonetheless, consumers will likely see this incident as an Amazon data breach because at the end of the day, the average shopper cares only that their information was exposed. It matters little whether their data was exposed thanks to a hacker or an accidental leak.

Shoppers prepare for Black Friday

The reported Amazon data breach comes just two days before Black Friday, one of the busiest shopping days of the year. This could be one reason the company is trying to keep a tight lid on information about the incident. Because of the data leak, shoppers may hesitate to spend money on Amazon on Black Friday or even later in the holiday shopping season.

Ref: Author: Michelle JonesMichelle Jones was a television news producer for eight years. She produced the morning news programs for the NBC affiliates in Evansville, Indiana and Huntsville, Alabama and spent a short time at the CBS affiliate in Huntsville. She has experience as a writer and public relations expert for a wide variety of businesses. Michelle has been with ValueWalk since 2012 and is now our editor-in-chief. Email her at Mjones@valuewalk.com.

Cybercrime is everywhere, and is out of control and we hear about it every single day.

Cybercrime is to reach 6 trillion dollars in 2021 as against 3 trillion in 2016.

How would you know if your security is already compromised?

In most of the recent cases, no one even knew that their data were stolen until months passed. That means todays cyber criminals are very much organised, coordinated and work according to a certain standard. 

What if the door to your key is already cut and kept by a thief and you are not aware of it?

What if your employees are already accessing information which they are not supposed to access in your database?

Today, security has become digital, and the criminals are white collar workers who have bachelor degrees in ICT who go to work from 9 to 5 like most of us do.

Yes, todays career criminals don’t look scary, and they don’t carry weapons, they don’t;

The only weapon in their pocket is the vulnerability in your locket. 

According to the United Nations, 80% of the cybercrime are a result of ultra organised, highly sophisticated crime group’s activities.

Cyber criminals made an estimated illegal profits up to 445 billion dollars last year which is larger than the GDP of 160 nations, and most of these incidents were a result of internal breaches which were done by employees of companies.

Sri Lankan companies are at higher risk as either most of the ICT security specialists are either not competent or unaware of the security threats which are prevalent in the Sri Lankan ICT infrastructure.

For instance many Sri Lankan financial institutions don’t have basic two factor authentication, and that means, the financial data of the customers could be easily breached without any serious hacking attempts.

 

Another security hole is that the websites of many financial institutions which give access to customers online for transactions can be easily hacked through browser level trojans and malware which are designed to steal online information.

These issues have been rather neglected or not highlighted as these will scare away customers from using online facilities.

Most financial institutions do not share information on breaches as this could lead to legal issues or may give competitive advantage to their counterparts.

For instance there is no public record or archive of breaches for other financial institutions to learn from breaches due to fear of being legal action taken against them from customers.

Just like the telecommunication industry steal money from unsuspecting customers due to various VAS features which customers don’t enable, financial institutions are also sometimes unable to disclose important security failures occurring from their end which may illicit very smaller amounts of money from customers accounts without anyones awareness.

In such instances what ever the industry dealing with peoples intimate financial details must strengthen their belts on security to be ahead of organised cyber criminals by implementing advanced security protocols which are rather difficult to breach.

We live in an era in which what ever the the security measure we take to protect is important.

After all, its just not about business anymore, its our life and the lives of our loved ones we protect.

Exire Technologies is a member of the European Chamber of Commerce Sri Lanka
Facebook Twitter Google-plus Instagram
© Exire Technologies