- A Chinese firm was able to harvest Amazon customers' data to sell to Amazon sellers, Wired reports.
- The firm and other third parties accessed the data because of one of Amazon's own internal programs.
- Wired likened it to Facebook's Cambridge Analytica scandal when people's data was secretly scraped.
Insight into the integrity of Amazon's customer data infrastructure surfaced in a Wired report Thursday.
In 2018, third-party companies were scraping customer data thanks to one of Amazon's own programs, according to the magazine, which viewed internal documents and memos.
One company in particular, a Chinese data firm, was able to do so because of a system that Amazon already had in place to help sellers collect metrics on how their products were performing.
The Chinese firm used the system as a backdoor to collect troves of the data and compile it in a service — dubbed AMZReview — that was advertised to Amazon's third-party sellers to help them boost their rankings.
As Wired pointed out, the discovery is somewhat like Facebook's Cambridge Analytica scandal, when the data firm harvested millions of users' data without their knowledge to influence the 2016 US presidential election.
The AMZReview system claimed to hold information on 16 million Amazon customers, though an internal intel team said it likely harvested the details of only 4.8 million, per the memo reported on by Wired.
"There was a massive hole," one former Amazon employee told Wired. "It was really unmitigated."
The company wasn't able to decipher if the system was being used properly by sellers or by third-party companies, who could have been outright selling that data or leveraging it to target customers with marketing, Wired said. More than half of the developers Amazon looked into were violating the terms of service, per a memo reported by Wired.
An internal intel team discovered the backdoor when it investigated the external AMZReview service being marketed to its sellers. The "door" had been open for years, per Wired. An insider told the publication that "the color was draining from people's faces" when the team informed company leadership of the abuse.
"It was a fucking shitstorm," the person said.
The firm's solution was to limit how much data Amazon shared with sellers. It also asked the largest third-party companies to delete their historical data on Amazon customers to improve the "optics" if this ever surfaced publicly, one former employee told Wired. Wired also reported that AMZReview is no longer active.
An Amazon spokesperson told Insider the issue "was not a data leak."
"We provide third party sellers (and their service providers) the limited customer information that they need to fulfill orders," they said. "We have strict policies and contractual terms in place that prohibit the misuse of customer data by sellers and service providers, and we continuously monitor and audit our systems to detect misuse and enforce our policies. The actions by sellers like AMZReview violated our terms of use, so we revoked their access and suspended sellers who had authorized AMZReview to misuse the system on their behalf."
source https://www.businessinsider.com/amazon-chinese-firm-scraped-data-sold-to-seller-amzreview-2021-11