Hasnain says:

This was a scary and worrying read at how practices can be poor at large tech companies. So many scary quotes in here, but I’ll pick one that is really ironic because the PR response, while technically and legally correct, really misses the point and is misleading.

“In the midst of all that expansion, Gagnon wrote, breathtaking things were slipping through the cracks. Just that May, staffers had discovered that, for a period of two years, the names and American Express card numbers of up to 24 million customers had sat exposed on Amazon's internal network, outside a “secure zone” for payment data. It was as if a bank had realized that some sacks of cash had been left in a back office, outside the vault, for several seasons. The exposure was corrected, but the scariest part was that there was no way to be sure whether anyone had snooped on the payment credentials during all that time—because the data set's access logs only went back 90 days. “So we had no idea what the exposure actually was,” Gagnon remembers. “I was astonished by that.” (Bemisderfer says, “There is no evidence to suggest the data was ever exposed outside of our internal system in any way.”)”

Posted on 2021-11-19T05:39:44+0000