Amazon’s customer service representative was tricked into disclosing Eric Springer, a user’s personal information by an attacker who used social engineering techniques.
The attack initiated through the mail ended up in the attacker getting the credit card details along with the address and other details.
The incident got all highlighted on the internet and people on the web demanded social engineering training to be given to employees to prevent any such incidents in the future.
TPRM report: https://scoringcyber.rankiteo.com/company/amazon
"id": "ama0417522",
"linkid": "amazon",
"type": "Cyber Attack",
"date": "01/2016",
"severity": "80",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'industry': 'E-commerce',
'location': 'Global',
'name': 'Amazon',
'size': 'Large',
'type': 'Company'}],
'attack_vector': 'Social Engineering',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Credit Card Details',
'Address',
'Other Personal Information']},
'description': 'An attacker used social engineering techniques to trick an '
'Amazon customer service representative into disclosing '
'personal information of a user named Eric Springer. The '
'attacker obtained credit card details, address, and other '
'personal information.',
'impact': {'brand_reputation_impact': 'High',
'data_compromised': ['Credit Card Details',
'Address',
'Other Personal Information'],
'identity_theft_risk': 'High',
'payment_information_risk': 'High'},
'initial_access_broker': {'entry_point': 'Email'},
'lessons_learned': 'Importance of social engineering training for employees',
'motivation': 'Theft of Personal Information',
'post_incident_analysis': {'corrective_actions': 'Implement social '
'engineering training',
'root_causes': 'Lack of social engineering '
'awareness'},
'recommendations': 'Implement social engineering training programs',
'response': {'communication_strategy': 'Public demand for social engineering '
'training'},
'threat_actor': 'Unknown',
'title': 'Amazon Customer Service Social Engineering Incident',
'type': 'Data Breach',
'vulnerability_exploited': 'Human Error'}