Article 5HE0T 4,700 Amazon employees had unauthorized access to private seller data

4,700 Amazon employees had unauthorized access to private seller data

by
Tim De Chant
from Ars Technica - All content on (#5HE0T)
amazon-prime-box-800x450.jpeg

Enlarge

Thousands of Amazon employees, including those who developed private-label goods for the e-commerce giant, enjoyed years of access to sensitive third-party seller data, according to a new report.

An internal audit in 2015 traced the issue to lax security protocols, including the use of a tool called spoofer access," which allowed Amazon employees to view and edit accounts as sellers. The employees had access to profile information, inventory levels, product pricing, and even the ability to cancel orders. The audit, obtained by Politico, says that spoofer access was available to employees from around the world and persisted until at least 2018.

At least one employee used the security lapses to their advantage. We identified one Vendor Manager who inappropriately reviewed a Seller's on-hand inventory to improve the likelihood and timing of the Vendor Manager winning buy-box," the audit said. The "buy box" is the main Buy" button that appears on a product page on Amazon. Various sellers compete for opportunities to win" the buy box, giving them access to easy sales by making it more likely that orders will be fulfilled from their inventory.

Read 4 remaining paragraphs | Comments

index?i=1EKDcyAIuUg:s0PsLHU8Ork:V_sGLiPB index?i=1EKDcyAIuUg:s0PsLHU8Ork:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments