Given the size of Amazon’s customer base, it is probably one of the largest Internet sites targeted by hackers. As of 2014, the company claimed to have over 244 million customers two years later, we can only guess that it has probably stretched to over 300 million.
While researching for this blog also read that “the Amazon customers’ average household income is roughly $89,000, compared to the $71,000 average for the US as a whole, using Census Bureau figures. Moreover, almost 1 in 5 of Amazon’s customers in the $500,000+ bracket claim to make a purchase on Amazon once a week or more.” A theft of Amazon’s customer list would be a significant prize for most hackers. This makes them a target.
Amazon Hacked or Smart Security Practices?
Recently, Amazon security staff discovered a set of customer details posted online as part of another breach at different company. As a result, they started resetting passwords for a select list of users who had their personal details exposed online. This is a great proactive security measure taken on by Amazon especially in light of Yahoo’s massive 500 million customer list heist which they announced after inking a deal to be acquired by Verizon for 4.8 billion dollars. More companies with customer lists should be following Amazon’s lead.
Maybe Just a Bit Paranoid
Is Amazon just being paranoid? If so, how can anyone blame them? Yahoo’s customers are largely taking advantage of a free service whereas Amazon maintains a list of paying customers as well as their credit card details. Amazon has a lot more to lose as they hold multiple credit cards for a big percentage of our population.
Smart Security Practices
In an effort to stay proactive against a hacking community of well-funded cyber breach professionals, Amazon should be anticipating an eventual compromise. Given enough time and money, hackers always get in. What can Amazon do in preparation?
When a company learns that they have been compromised, they almost always fall back on the logs to hopefully determine how they got in, when they did it and what they did. Hackers know about these logs and often try to delete them. To make deleting these logs several magnitudes more difficult for hackers, companies like Amazon should be using UDP forwarders to disperse the collection of logs in a way that makes it extremely difficult for hackers to cover their tracks. UDP forwarders are transparent to collection systems and dramatically increase the complexity that hackers must reverse engineer in order to cover their tracks by deleting records. Evaluate one today.
