Amazon Data Breaches History and Full Timeline Up to 2024

In recent years, data breaches and hacking on multiple platforms have been frequent.

If we take a look at the recent data breach on Amazon, it took place on October 6th, 2021.

Amazon owns a streaming service known as Twitch, whose sensitive data was leaked by an unknown hacker.

There was much more to the Twitch leak besides the source code of the streaming service and earnings numbers of the streamers.

However, the login credentials of the users were not compromised. The same goes for their credit card information.

Luckily, no Amazon data breach has been observed in 2022 so far.

Amazon Data Breaches History and Full Timeline Up to 2024

In this article, we will address the history of data breaches on Amazon while taking a start from the most recent one.

Twitch Data Leak To 4chan – October 6th, 2021

As mentioned earlier, Twitch suffered a major data breach in 2021. The size of the leaked files on the 4chan message board was around 128 gigabytes.

Unfortunately, authorities have failed to identify the attacker by now.

A study of the Twitch blog post reveals that the exposure of data was because of the error in the server configuration of the Twitch.

Nine days after the Amazon data leak, the streaming service Twitch issued a statement where it was assured that login credentials, passwords, bank information, and credit card numbers were unaffected by the attack.

In addition, Twitch also mentioned that direct contact was being made with users who were victims of the data breach.

$746 Million Fine Imposed On Amazon By EU (European Union) As A Result Of GDPR (General Data Protection Regulation) Violations – July 2021

As a result of allegedly violating the EU’s GDPR, Amazon was fined 746 million euros by the Luxembourg National Commission for Data Protection in July 2021.

Amazon declared the fine ‘without merit’. Their authorities even denied the Amazon data breach.

Malicious Employees Leaked The Customer Email Address – October 2020 

It was the second time in 2020 that the email addresses of many Amazon customers were released to third parties voluntarily by Amazon employees.

As a result, the employees involved in the Amazon data breach were fired.

Despite the direct emailing of Amazon to the affected customers, the number of customers impacted by the incident is still unclear.

At Amazon, the most recurring problem is the internal threats.

It’s not just once that the Amazon employees have leaked the proprietary information and customer data. They have done it a number of times.

Six People Indicted In Scheme To Bribe Amazon Employees – September 2020 

In September 2020, six people bribed Amazon employees to persuade them to gain an unfair advantage in a third-party marketplace at Amazon.

Charges were pressed on those individuals, and they were indicted by the grand jury in Washington.

It was revealed that Amazon sellers had acquired the consulting services of all of the six defendants. Besides, three of them held the record of selling the products of their own.

They were experts at obtaining customer data through fraud and bribery. If there were any competing sellers in the market, these guys made attacks against them.

These individuals also restored the product listings taken down by Amazon.

Sharing Of Customer Contact Information With The Third Party – January 2020

A bunch of Amazon customers were caught leaking sensitive customer data in January 2020.

Before they were caught, they had already shared the phone numbers and email addresses of a bunch of customers.

However, the number of those customers is not precisely clear.

Following the legal proceedings of the Amazon breach, those employees were fired from Amazon.

Although Amazon authorities are frequently questioned on these incidents, they still avoid giving details about these breaches.

Personal Data And Order Histories Of Amazon Japan Exposed – September 2019

Amazon Japan users encountered a strange thing in September 2019 when the order histories of other shoppers were viewable to them.

In addition, they could also view the shopper names, purchase details and delivery addresses.

Even after three years, the number of impacted users on the Japanese Amazon site is unclear.

As soon as the data breach news became viral, Amazon issued a statement that the problem was resolved, and customers were contacted about the issue.

Moles In Amazon Staff Working For Third-Party Sellers – November 2018

As per the discovery of Amazon’s security division, Amazon employees were paid bribes of $160,000 by Krasr, a third-party retailer.

Krasr asked for the sabotage of its competitors on Amazon’s marketplace in exchange.

The number of Amazon employees who had taken the money from Krasr was seven.

After their identification, all seven of them were instantly fired on the charges related to the data breach.

Exposure Of Customer Names And Email Addresses – November 2018 

A major data breach occurred in November 2018, where the names and email addresses of the customers were leaked.

As per the company’s statement, they contacted the affected users but kept them unaware of the extent of the breach.

They declared the Amazon security breach as a technical error that resulted in the exposure of names and addresses of the customers on the website.

Discovery Of Amazon Employees Selling Customer Data – September 2018 

The Wall Street Journal of September 2018 reveals that Amazon customers had been receiving bribes to hand over their customer data.

Whether it’s USA or China, Amazon employees from both these countries got bribed by Chinese sellers.

The price range for the data sell was from $80 to $2000.

The data breach included personal information like the email addresses of the reviewers and internal metrics.

A similar activity was detected by Amazon security when the security panel observed the bypass of security controls by Amazon employees in China.

Not only did those employees take over the customer accounts, but they also deleted their reviews.

There is a high chance that there is no such relation between these two incidents because the working procedures of employees have been different and individual.

AMZReview Caught Selling Customer Data – May 2018 

In May 2018, it was discovered that the Amazon customer data was being sold by a third-party service to outside sellers.

Sellers have been quite accessible to the customer data like names and email addresses of the customers for years.

The compilation of this data was done on a mass scale by AMZReview.

The breached data was then connected to the private information of customers that got leaked in other breaches.

Almost 16 million Amazon customers had their data leaked to AMZReview. However, that was not the only problem that Amazon was facing.

A billion Amazon orders were accessible to some third-party companies, and more than 50% of these third-party developers were involved in the violation of Amazon’s terms of service.

As a response, the control over the data of customers was tightened by Amazon.

However, no public statement about the breach was made by the company.

Internal Exposure Of 24 Million Credit Card Numbers – May 2017 

The internet network of Amazon had unsecured American Express credit card numbers whose cache was discovered by Amazon employees in May 2017.

Many months passed by, and still, the credit card information was accessible to the Amazon employees.

The audit logs of Amazon went back just 90 days; therefore, the question of the openly available data getting abused or not is still there.

Claim Of Hacker On Breaching 80,000 Amazon Accounts – July 2016 

A hacker identified as #0x2Taylor posted on Twitter in July 2016 that he had breached the Amazon server.

He further claimed to have the personal information of almost 80,000 Kindle users.

He posed a threat to Amazon that the data he had would be leaked if he was not paid $700.

Amazon didn’t make any payments, and therefore, he posted the data breach online.

As far as the claim of Amazon on this incident is concerned, they denied the data breach from the start.

It is still not sure whether Amazon was breached or not because, as per the company, the information that was posted online did not belong to Amazon’s servers and nor were the customer accounts of Amazon legitimate.

Spying On Customer Purchase Histories By Amazon Employees – 2016 

As per the reports of Wired, Amazon employees frequently spied on the customers’ purchase histories.

One manager stated that everyone on the Amazon staff did it.

The purchase of popular figures like Kanye West was looked up to by the employees. They used to spy on their romantic partners and exes.

Back then, in 2016, it was possible for any customer service employee to look up the purchase history of any customer at any time.

The wide distribution of these access privileges led to the employees abusing their power and thus spying on Amazon customers.

Amazon has been facing the issue of internal threats for a long time.

Amazon Resets User Passwords As A Precautionary Measure – November 2015 

The passwords of a lot of Amazon users were reset by Amazon in November 2015.

Although there were little to no chances of an actual breach, Amazon took this security measure of resetting passwords after identifying a credible risk.

Password Leak For Amazon And Other Sites By Anonymous Hackers – December 2014 

December of 2014 was the worst month for Amazon and a bunch of other websites, including Walmart, Xbox Live, and Playstation Network.

A group called Anonymous had associated plenty of hackers that took down the usernames and passwords of more than 13,000 users.

It is not clear how and where they got access to this information.

Zappos Breach Exposes 24 Million Accounts – January 2012 

Zappos is an online store that is owned by Amazon. Zappos got its servers breached by a hacker in January 2012.

This attack revealed the private information of almost 24 million Zappos customers.

However, there was no such impact on the Amazon accounts.

How To Check Data Breach On Your Amazon Account? 

As soon as any sort of security breach incident takes place, Capital One notifies the users by sending an email or mail.

Capital One has set up a page that you can visit and see whether your data has been breached or not.

If you want to have more information on the data breach, contact them at 1-833-727-1234.

What To Do In Case Of An Amazon Account Breach? 

In all the data breach incidents of Amazon that happened now, the leaked information included the customers’ credit card data, their social security numbers and banking information.

Therefore, if you are one of the affected customers, you will have to close these accounts permanently and open the new ones.

You can also get new numbers and cards from Capital One.

As soon as you are informed of the data breach, it is wise to enable a credit freeze so that it becomes impossible for the hackers to open any new accounts in your name. Some users also consider credit monitoring services.

Make sure you keep yourself from any sorts of phishing scams.

Your download attachments or email might have certain links that you should avoid clicking on.

In order to protect your computer from malware and viruses, scan it on a regular basis. You must change your credit card and bank account logins.

When you have to set the password, make sure it is a complicated one with letters, symbols and numbers.

Can Hackers Use My Personal Information For Identity Theft? 

It’s not just the identity theft that hackers can do with your leaked private information; they can also use it for many other purposes.

The reason is that information leaked from the Amazon server is quite damaging when it gets to hackers.

Cybercriminals usually use the name and emails of the customers to contact them as Amazon or Capital One employees.

They send you a link in the email.

As soon as you click the link, hackers can get control over your computer after getting it infected with the malware.

No matter what information your computer holds, hackers can steal it.

Sometimes the link opens to a spoofed website that demands the entry of your login and other details.

Apparently, they are validating your account, but actually, they are getting access to your data.

How To Prevent Data Breaches

Our personal information resides on plenty of websites and companies, so it is difficult to protect each and every one of them from data breaches.

However, one can take some steps to ensure the protection of one’s private information and the safety of the data.

The use of identity theft protection services has also been pretty useful.

It is foolish to share your personal information with anyone unless you are the one who made the call or took action.

Keep updating your computer antivirus and scan the computer often.

If you find any suspicion in the emails sent to you after the Amazon data breach, you need to forward those emails to [email protected].