Amazon informed some of its customers about a security incident that involved the unauthorized disclosure of their email addresses. News of the security incident emerged over the weekend of October 23 when multiple users took to Twitter to voice their confusion over an email they had received from Amazon. In an email notification obtained by Bleeping Computer, the tech giant explained that it had fired an employee after they unlawfully disclosed some customers' email addresses to a third party.
Screenshot of Amazon's email message obtained by Bleeping Computer.
We are writing to let you know that your e-mail address was disclosed by an Amazon employee to a third-party in violation of our policies. As a result, we have fired the employee, referred them to law enforcement, and are supporting law enforcement’s criminal prosecution. No other information related to your account was shared. This is not a result of anything you have done and there is no need for you to take any action. We apologize for this incident.
At the time of writing, there was some confusion about how many former Amazon employees had been responsible for the security incident. Motherboard wrote that it had obtained another statement from Amazon. In it, the tech giant explained that more than one insider had perpetrated the disclosure. "The individuals responsible for this incident have been fired," the statement read. "We have referred the bad actors to law enforcement and are supporting their criminal prosecution." Neither statement indicated how many customers the security incident is believed to have affected.
The event described above wasn't the first time Amazon fired some of its employees for improper data disclosure. Back in January 2020, for instance, TechCrunch reported that Amazon had terminated a number of employees for sharing customers' phone numbers and email addresses with a third party.
News of this latest incident highlights the need for organizations to defend themselves against insider threats. To do this, they need to take proactive measures to deter malicious insiders and to detect malicious insider activity while it's in progress.