cyber Cyber Attack

Amazon

May 8, 2022 1 min read
Amazon

Amazon’s customer service representative was tricked into disclosing Eric Springer, a user’s personal information by an attacker who used social engineering techniques.

The attack initiated through the mail ended up in the attacker getting the credit card details along with the address and other details.

The incident got all highlighted on the internet and people on the web demanded social engineering training to be given to employees to prevent any such incidents in the future.

Source: https://grahamcluley.com/attacker-tricked-amazon-customer-service-disclosing-users-personal-info-times/

TPRM report: https://scoringcyber.rankiteo.com/company/amazon

"id": "ama0417522",
"linkid": "amazon",
"type": "Cyber Attack",
"date": "01/2016",
"severity": "80",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'industry': 'E-commerce',
                        'location': 'Global',
                        'name': 'Amazon',
                        'size': 'Large',
                        'type': 'Company'}],
 'attack_vector': 'Social Engineering',
 'data_breach': {'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Credit Card Details',
                                              'Address',
                                              'Other Personal Information']},
 'description': 'An attacker used social engineering techniques to trick an '
                'Amazon customer service representative into disclosing '
                'personal information of a user named Eric Springer. The '
                'attacker obtained credit card details, address, and other '
                'personal information.',
 'impact': {'brand_reputation_impact': 'High',
            'data_compromised': ['Credit Card Details',
                                 'Address',
                                 'Other Personal Information'],
            'identity_theft_risk': 'High',
            'payment_information_risk': 'High'},
 'initial_access_broker': {'entry_point': 'Email'},
 'lessons_learned': 'Importance of social engineering training for employees',
 'motivation': 'Theft of Personal Information',
 'post_incident_analysis': {'corrective_actions': 'Implement social '
                                                  'engineering training',
                            'root_causes': 'Lack of social engineering '
                                           'awareness'},
 'recommendations': 'Implement social engineering training programs',
 'response': {'communication_strategy': 'Public demand for social engineering '
                                        'training'},
 'threat_actor': 'Unknown',
 'title': 'Amazon Customer Service Social Engineering Incident',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Human Error'}
Published by
Roshni Ray
Roshni Ray
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.