Based on a trove of confidential internal documents, reporter Will Evans from Reveal from The Center for Investigative Reporting, in collaboration with WIRED, exposed how Amazon has failed to protect its empire of data, harming customers and small businesses. Amazon grew so quickly, with so few internal controls, that the company couldn’t even keep track of the sensitive data it kept on customers and businesses, much less protect it, the investigation found. But the story was not just about hypothetical risks. For years, Amazon customer service employees could spy on the purchase histories of exes and celebrities, and did so with ease. Employees took bribes to help rogue sellers and attack legitimate businesses, corrupting the integrity of the marketplace. A Chinese data analytics firm obtained the personal information of millions of Amazon shoppers, and when Amazon found out, it didn’t tell those customers. The story documented the responsibility of Amazon’s top executives, who were warned of dire risks even as the teams they charged with protecting customer data were under-resourced and often mired in dysfunction.
With a grant from the Fund, Reveal and Wired worked for months to earn the trust of sources and corroborate documents with more than a dozen former Amazon security and privacy professionals. Not long after the story landed, members of Congress condemned Amazon’s handling of customer data and called for federal legislation to address the problem.